From 818a84e6b1c682bf72164551167762c35bbc0d86 Mon Sep 17 00:00:00 2001 From: Pengfei Wang Date: Thu, 21 May 2026 15:25:01 +0800 Subject: [PATCH] chore: renew proto --- Scripts/gen_swift_proto.sh | 3 + Sources/DGWAuth/CredentialAuthProvider.swift | 2 +- .../ControlPlaneTransport.swift | 3 + Sources/DGWControlPlane/RetryExecutor.swift | 4 +- Sources/DGWProto/Generated/auth.grpc.swift | 402 ++++-- Sources/DGWProto/Generated/auth.pb.swift | 1188 ++++++++++------- .../Generated/data_gateway.grpc.swift | 159 ++- .../DGWProto/Generated/data_gateway.pb.swift | 191 ++- .../DataGatewayClient/FilePreparation.swift | 27 +- .../CredentialAuthProviderTests.swift | 2 - .../ControlPlaneTransportTests.swift | 5 +- .../RetryExecutorTests.swift | 1 + .../ArchebaseConfigClientTests.swift | 3 +- .../UploadCoordinatorTests.swift | 26 +- protos/auth.proto | 174 ++- protos/data_gateway.proto | 39 +- 16 files changed, 1546 insertions(+), 683 deletions(-) diff --git a/Scripts/gen_swift_proto.sh b/Scripts/gen_swift_proto.sh index 8e7b167..dc0026d 100755 --- a/Scripts/gen_swift_proto.sh +++ b/Scripts/gen_swift_proto.sh @@ -36,3 +36,6 @@ protoc \ "$PROTO_ROOT/common.proto" \ "$PROTO_ROOT/auth.proto" \ "$PROTO_ROOT/data_gateway.proto" + +# protoc-gen-grpc-swift can emit trailing spaces on blank quoted doc-comment lines. +perl -pi -e 's/[ \t]+$//' "$OUT_DIR"/*.swift diff --git a/Sources/DGWAuth/CredentialAuthProvider.swift b/Sources/DGWAuth/CredentialAuthProvider.swift index 7ee063c..8fbb92a 100644 --- a/Sources/DGWAuth/CredentialAuthProvider.swift +++ b/Sources/DGWAuth/CredentialAuthProvider.swift @@ -62,7 +62,7 @@ package struct AuthServiceClientTransport Archebase_Auth_V1_ExchangeCredentialResponse { var request = Archebase_Auth_V1_ExchangeCredentialRequest() - request.credentialBase64 = credentialBase64 + request.credential = credentialBase64 var options = CallOptions.defaults options.timeout = timeout diff --git a/Sources/DGWControlPlane/ControlPlaneTransport.swift b/Sources/DGWControlPlane/ControlPlaneTransport.swift index adea05e..210c6be 100644 --- a/Sources/DGWControlPlane/ControlPlaneTransport.swift +++ b/Sources/DGWControlPlane/ControlPlaneTransport.swift @@ -310,6 +310,7 @@ package protocol GatewayControlPlaneClientProtocol: Sendable { rawTags: [String: String], completedPartCount: Int32, ossObjectEtag: String, + partSizeBytes: Int64, authorizationHeader: String ) async throws -> Archebase_DataGateway_V1_CompleteUploadResponse } @@ -408,6 +409,7 @@ package final class GatewayControlPlaneClient Archebase_DataGateway_V1_CompleteUploadResponse { var request = Archebase_DataGateway_V1_CompleteUploadRequest() @@ -416,6 +418,7 @@ package final class GatewayControlPlaneClient = try await self.client.completeUpload( diff --git a/Sources/DGWControlPlane/RetryExecutor.swift b/Sources/DGWControlPlane/RetryExecutor.swift index f2c2730..56c2b0d 100644 --- a/Sources/DGWControlPlane/RetryExecutor.swift +++ b/Sources/DGWControlPlane/RetryExecutor.swift @@ -334,7 +334,8 @@ package final class AuthenticatedGatewayControlPlaneClient< fileSize: Int64, rawTags: [String: String], completedPartCount: Int32, - ossObjectEtag: String + ossObjectEtag: String, + partSizeBytes: Int64 ) async throws -> Archebase_DataGateway_V1_CompleteUploadResponse { try await self.retryExecutor.execute(policy: self.retryPolicy, refreshAuthorization: self.refreshAuthorization) { let header = try await self.authProvider.authorizationHeader() @@ -344,6 +345,7 @@ package final class AuthenticatedGatewayControlPlaneClient< rawTags: rawTags, completedPartCount: completedPartCount, ossObjectEtag: ossObjectEtag, + partSizeBytes: partSizeBytes, authorizationHeader: header ) } diff --git a/Sources/DGWProto/Generated/auth.grpc.swift b/Sources/DGWProto/Generated/auth.grpc.swift index fb7fd27..c7844d4 100644 --- a/Sources/DGWProto/Generated/auth.grpc.swift +++ b/Sources/DGWProto/Generated/auth.grpc.swift @@ -757,16 +757,29 @@ public enum Archebase_Auth_V1_AdminAuthService: Sendable { type: .unary ) } - /// Namespace for "CreateApiKey" metadata. - public enum CreateApiKey: Sendable { - /// Request type for "CreateApiKey". - public typealias Input = Archebase_Auth_V1_CreateApiKeyRequest - /// Response type for "CreateApiKey". - public typealias Output = Archebase_Auth_V1_CreateApiKeyResponse - /// Descriptor for "CreateApiKey". + /// Namespace for "CreateSiteApiKey" metadata. + public enum CreateSiteApiKey: Sendable { + /// Request type for "CreateSiteApiKey". + public typealias Input = Archebase_Auth_V1_CreateSiteApiKeyRequest + /// Response type for "CreateSiteApiKey". + public typealias Output = Archebase_Auth_V1_CreateSiteApiKeyResponse + /// Descriptor for "CreateSiteApiKey". public static let descriptor = GRPCCore.MethodDescriptor( service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "archebase.auth.v1.AdminAuthService"), - method: "CreateApiKey", + method: "CreateSiteApiKey", + type: .unary + ) + } + /// Namespace for "CreateOrRotateDeviceApiKey" metadata. + public enum CreateOrRotateDeviceApiKey: Sendable { + /// Request type for "CreateOrRotateDeviceApiKey". + public typealias Input = Archebase_Auth_V1_CreateOrRotateDeviceApiKeyRequest + /// Response type for "CreateOrRotateDeviceApiKey". + public typealias Output = Archebase_Auth_V1_CreateOrRotateDeviceApiKeyResponse + /// Descriptor for "CreateOrRotateDeviceApiKey". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "archebase.auth.v1.AdminAuthService"), + method: "CreateOrRotateDeviceApiKey", type: .unary ) } @@ -796,6 +809,19 @@ public enum Archebase_Auth_V1_AdminAuthService: Sendable { type: .unary ) } + /// Namespace for "UpdateApiKey" metadata. + public enum UpdateApiKey: Sendable { + /// Request type for "UpdateApiKey". + public typealias Input = Archebase_Auth_V1_UpdateApiKeyRequest + /// Response type for "UpdateApiKey". + public typealias Output = Archebase_Auth_V1_UpdateApiKeyResponse + /// Descriptor for "UpdateApiKey". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "archebase.auth.v1.AdminAuthService"), + method: "UpdateApiKey", + type: .unary + ) + } /// Namespace for "EnableApiKey" metadata. public enum EnableApiKey: Sendable { /// Request type for "EnableApiKey". @@ -822,16 +848,16 @@ public enum Archebase_Auth_V1_AdminAuthService: Sendable { type: .unary ) } - /// Namespace for "UpdateApiKey" metadata. - public enum UpdateApiKey: Sendable { - /// Request type for "UpdateApiKey". - public typealias Input = Archebase_Auth_V1_UpdateApiKeyRequest - /// Response type for "UpdateApiKey". - public typealias Output = Archebase_Auth_V1_UpdateApiKeyResponse - /// Descriptor for "UpdateApiKey". + /// Namespace for "RotateApiKeySecret" metadata. + public enum RotateApiKeySecret: Sendable { + /// Request type for "RotateApiKeySecret". + public typealias Input = Archebase_Auth_V1_RotateApiKeySecretRequest + /// Response type for "RotateApiKeySecret". + public typealias Output = Archebase_Auth_V1_RotateApiKeySecretResponse + /// Descriptor for "RotateApiKeySecret". public static let descriptor = GRPCCore.MethodDescriptor( service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "archebase.auth.v1.AdminAuthService"), - method: "UpdateApiKey", + method: "RotateApiKeySecret", type: .unary ) } @@ -922,12 +948,14 @@ public enum Archebase_Auth_V1_AdminAuthService: Sendable { DisableSite.descriptor, UpdateSite.descriptor, DeleteSite.descriptor, - CreateApiKey.descriptor, + CreateSiteApiKey.descriptor, + CreateOrRotateDeviceApiKey.descriptor, GetApiKey.descriptor, ListApiKeys.descriptor, + UpdateApiKey.descriptor, EnableApiKey.descriptor, DisableApiKey.descriptor, - UpdateApiKey.descriptor, + RotateApiKeySecret.descriptor, DeleteApiKey.descriptor, CreateOrganization.descriptor, GetOrganization.descriptor, @@ -1086,23 +1114,42 @@ extension Archebase_Auth_V1_AdminAuthService { onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result ) async throws -> Result where Result: Sendable - /// Call the "CreateApiKey" method. + /// Call the "CreateSiteApiKey" method. /// /// - Parameters: - /// - request: A request containing a single `Archebase_Auth_V1_CreateApiKeyRequest` message. - /// - serializer: A serializer for `Archebase_Auth_V1_CreateApiKeyRequest` messages. - /// - deserializer: A deserializer for `Archebase_Auth_V1_CreateApiKeyResponse` messages. + /// - request: A request containing a single `Archebase_Auth_V1_CreateSiteApiKeyRequest` message. + /// - serializer: A serializer for `Archebase_Auth_V1_CreateSiteApiKeyRequest` messages. + /// - deserializer: A deserializer for `Archebase_Auth_V1_CreateSiteApiKeyResponse` messages. /// - options: Options to apply to this RPC. /// - handleResponse: A closure which handles the response, the result of which is /// returned to the caller. Returning from the closure will cancel the RPC if it /// hasn't already finished. /// - Returns: The result of `handleResponse`. - func createApiKey( - request: GRPCCore.ClientRequest, - serializer: some GRPCCore.MessageSerializer, - deserializer: some GRPCCore.MessageDeserializer, + func createSiteApiKey( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, options: GRPCCore.CallOptions, - onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + + /// Call the "CreateOrRotateDeviceApiKey" method. + /// + /// - Parameters: + /// - request: A request containing a single `Archebase_Auth_V1_CreateOrRotateDeviceApiKeyRequest` message. + /// - serializer: A serializer for `Archebase_Auth_V1_CreateOrRotateDeviceApiKeyRequest` messages. + /// - deserializer: A deserializer for `Archebase_Auth_V1_CreateOrRotateDeviceApiKeyResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func createOrRotateDeviceApiKey( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result ) async throws -> Result where Result: Sendable /// Call the "GetApiKey" method. @@ -1143,6 +1190,25 @@ extension Archebase_Auth_V1_AdminAuthService { onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result ) async throws -> Result where Result: Sendable + /// Call the "UpdateApiKey" method. + /// + /// - Parameters: + /// - request: A request containing a single `Archebase_Auth_V1_UpdateApiKeyRequest` message. + /// - serializer: A serializer for `Archebase_Auth_V1_UpdateApiKeyRequest` messages. + /// - deserializer: A deserializer for `Archebase_Auth_V1_UpdateApiKeyResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func updateApiKey( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable + /// Call the "EnableApiKey" method. /// /// - Parameters: @@ -1181,23 +1247,23 @@ extension Archebase_Auth_V1_AdminAuthService { onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result ) async throws -> Result where Result: Sendable - /// Call the "UpdateApiKey" method. + /// Call the "RotateApiKeySecret" method. /// /// - Parameters: - /// - request: A request containing a single `Archebase_Auth_V1_UpdateApiKeyRequest` message. - /// - serializer: A serializer for `Archebase_Auth_V1_UpdateApiKeyRequest` messages. - /// - deserializer: A deserializer for `Archebase_Auth_V1_UpdateApiKeyResponse` messages. + /// - request: A request containing a single `Archebase_Auth_V1_RotateApiKeySecretRequest` message. + /// - serializer: A serializer for `Archebase_Auth_V1_RotateApiKeySecretRequest` messages. + /// - deserializer: A deserializer for `Archebase_Auth_V1_RotateApiKeySecretResponse` messages. /// - options: Options to apply to this RPC. /// - handleResponse: A closure which handles the response, the result of which is /// returned to the caller. Returning from the closure will cancel the RPC if it /// hasn't already finished. /// - Returns: The result of `handleResponse`. - func updateApiKey( - request: GRPCCore.ClientRequest, - serializer: some GRPCCore.MessageSerializer, - deserializer: some GRPCCore.MessageDeserializer, + func rotateApiKeySecret( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, options: GRPCCore.CallOptions, - onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result ) async throws -> Result where Result: Sendable /// Call the "DeleteApiKey" method. @@ -1541,29 +1607,59 @@ extension Archebase_Auth_V1_AdminAuthService { ) } - /// Call the "CreateApiKey" method. + /// Call the "CreateSiteApiKey" method. /// /// - Parameters: - /// - request: A request containing a single `Archebase_Auth_V1_CreateApiKeyRequest` message. - /// - serializer: A serializer for `Archebase_Auth_V1_CreateApiKeyRequest` messages. - /// - deserializer: A deserializer for `Archebase_Auth_V1_CreateApiKeyResponse` messages. + /// - request: A request containing a single `Archebase_Auth_V1_CreateSiteApiKeyRequest` message. + /// - serializer: A serializer for `Archebase_Auth_V1_CreateSiteApiKeyRequest` messages. + /// - deserializer: A deserializer for `Archebase_Auth_V1_CreateSiteApiKeyResponse` messages. /// - options: Options to apply to this RPC. /// - handleResponse: A closure which handles the response, the result of which is /// returned to the caller. Returning from the closure will cancel the RPC if it /// hasn't already finished. /// - Returns: The result of `handleResponse`. - public func createApiKey( - request: GRPCCore.ClientRequest, - serializer: some GRPCCore.MessageSerializer, - deserializer: some GRPCCore.MessageDeserializer, + public func createSiteApiKey( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, options: GRPCCore.CallOptions = .defaults, - onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in try response.message } ) async throws -> Result where Result: Sendable { try await self.client.unary( request: request, - descriptor: Archebase_Auth_V1_AdminAuthService.Method.CreateApiKey.descriptor, + descriptor: Archebase_Auth_V1_AdminAuthService.Method.CreateSiteApiKey.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "CreateOrRotateDeviceApiKey" method. + /// + /// - Parameters: + /// - request: A request containing a single `Archebase_Auth_V1_CreateOrRotateDeviceApiKeyRequest` message. + /// - serializer: A serializer for `Archebase_Auth_V1_CreateOrRotateDeviceApiKeyRequest` messages. + /// - deserializer: A deserializer for `Archebase_Auth_V1_CreateOrRotateDeviceApiKeyResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func createOrRotateDeviceApiKey( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Archebase_Auth_V1_AdminAuthService.Method.CreateOrRotateDeviceApiKey.descriptor, serializer: serializer, deserializer: deserializer, options: options, @@ -1631,6 +1727,36 @@ extension Archebase_Auth_V1_AdminAuthService { ) } + /// Call the "UpdateApiKey" method. + /// + /// - Parameters: + /// - request: A request containing a single `Archebase_Auth_V1_UpdateApiKeyRequest` message. + /// - serializer: A serializer for `Archebase_Auth_V1_UpdateApiKeyRequest` messages. + /// - deserializer: A deserializer for `Archebase_Auth_V1_UpdateApiKeyResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func updateApiKey( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Archebase_Auth_V1_AdminAuthService.Method.UpdateApiKey.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } + /// Call the "EnableApiKey" method. /// /// - Parameters: @@ -1691,29 +1817,29 @@ extension Archebase_Auth_V1_AdminAuthService { ) } - /// Call the "UpdateApiKey" method. + /// Call the "RotateApiKeySecret" method. /// /// - Parameters: - /// - request: A request containing a single `Archebase_Auth_V1_UpdateApiKeyRequest` message. - /// - serializer: A serializer for `Archebase_Auth_V1_UpdateApiKeyRequest` messages. - /// - deserializer: A deserializer for `Archebase_Auth_V1_UpdateApiKeyResponse` messages. + /// - request: A request containing a single `Archebase_Auth_V1_RotateApiKeySecretRequest` message. + /// - serializer: A serializer for `Archebase_Auth_V1_RotateApiKeySecretRequest` messages. + /// - deserializer: A deserializer for `Archebase_Auth_V1_RotateApiKeySecretResponse` messages. /// - options: Options to apply to this RPC. /// - handleResponse: A closure which handles the response, the result of which is /// returned to the caller. Returning from the closure will cancel the RPC if it /// hasn't already finished. /// - Returns: The result of `handleResponse`. - public func updateApiKey( - request: GRPCCore.ClientRequest, - serializer: some GRPCCore.MessageSerializer, - deserializer: some GRPCCore.MessageDeserializer, + public func rotateApiKeySecret( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, options: GRPCCore.CallOptions = .defaults, - onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in try response.message } ) async throws -> Result where Result: Sendable { try await self.client.unary( request: request, - descriptor: Archebase_Auth_V1_AdminAuthService.Method.UpdateApiKey.descriptor, + descriptor: Archebase_Auth_V1_AdminAuthService.Method.RotateApiKeySecret.descriptor, serializer: serializer, deserializer: deserializer, options: options, @@ -2081,26 +2207,51 @@ extension Archebase_Auth_V1_AdminAuthService.ClientProtocol { ) } - /// Call the "CreateApiKey" method. + /// Call the "CreateSiteApiKey" method. + /// + /// - Parameters: + /// - request: A request containing a single `Archebase_Auth_V1_CreateSiteApiKeyRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func createSiteApiKey( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.createSiteApiKey( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + + /// Call the "CreateOrRotateDeviceApiKey" method. /// /// - Parameters: - /// - request: A request containing a single `Archebase_Auth_V1_CreateApiKeyRequest` message. + /// - request: A request containing a single `Archebase_Auth_V1_CreateOrRotateDeviceApiKeyRequest` message. /// - options: Options to apply to this RPC. /// - handleResponse: A closure which handles the response, the result of which is /// returned to the caller. Returning from the closure will cancel the RPC if it /// hasn't already finished. /// - Returns: The result of `handleResponse`. - public func createApiKey( - request: GRPCCore.ClientRequest, + public func createOrRotateDeviceApiKey( + request: GRPCCore.ClientRequest, options: GRPCCore.CallOptions = .defaults, - onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in try response.message } ) async throws -> Result where Result: Sendable { - try await self.createApiKey( + try await self.createOrRotateDeviceApiKey( request: request, - serializer: GRPCProtobuf.ProtobufSerializer(), - deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), options: options, onResponse: handleResponse ) @@ -2156,6 +2307,31 @@ extension Archebase_Auth_V1_AdminAuthService.ClientProtocol { ) } + /// Call the "UpdateApiKey" method. + /// + /// - Parameters: + /// - request: A request containing a single `Archebase_Auth_V1_UpdateApiKeyRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func updateApiKey( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.updateApiKey( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } + /// Call the "EnableApiKey" method. /// /// - Parameters: @@ -2206,26 +2382,26 @@ extension Archebase_Auth_V1_AdminAuthService.ClientProtocol { ) } - /// Call the "UpdateApiKey" method. + /// Call the "RotateApiKeySecret" method. /// /// - Parameters: - /// - request: A request containing a single `Archebase_Auth_V1_UpdateApiKeyRequest` message. + /// - request: A request containing a single `Archebase_Auth_V1_RotateApiKeySecretRequest` message. /// - options: Options to apply to this RPC. /// - handleResponse: A closure which handles the response, the result of which is /// returned to the caller. Returning from the closure will cancel the RPC if it /// hasn't already finished. /// - Returns: The result of `handleResponse`. - public func updateApiKey( - request: GRPCCore.ClientRequest, + public func rotateApiKeySecret( + request: GRPCCore.ClientRequest, options: GRPCCore.CallOptions = .defaults, - onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in try response.message } ) async throws -> Result where Result: Sendable { - try await self.updateApiKey( + try await self.rotateApiKeySecret( request: request, - serializer: GRPCProtobuf.ProtobufSerializer(), - deserializer: GRPCProtobuf.ProtobufDeserializer(), + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), options: options, onResponse: handleResponse ) @@ -2588,7 +2764,7 @@ extension Archebase_Auth_V1_AdminAuthService.ClientProtocol { ) } - /// Call the "CreateApiKey" method. + /// Call the "CreateSiteApiKey" method. /// /// - Parameters: /// - message: request message to send. @@ -2598,19 +2774,48 @@ extension Archebase_Auth_V1_AdminAuthService.ClientProtocol { /// returned to the caller. Returning from the closure will cancel the RPC if it /// hasn't already finished. /// - Returns: The result of `handleResponse`. - public func createApiKey( - _ message: Archebase_Auth_V1_CreateApiKeyRequest, + public func createSiteApiKey( + _ message: Archebase_Auth_V1_CreateSiteApiKeyRequest, metadata: GRPCCore.Metadata = [:], options: GRPCCore.CallOptions = .defaults, - onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in try response.message } ) async throws -> Result where Result: Sendable { - let request = GRPCCore.ClientRequest( + let request = GRPCCore.ClientRequest( message: message, metadata: metadata ) - return try await self.createApiKey( + return try await self.createSiteApiKey( + request: request, + options: options, + onResponse: handleResponse + ) + } + + /// Call the "CreateOrRotateDeviceApiKey" method. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func createOrRotateDeviceApiKey( + _ message: Archebase_Auth_V1_CreateOrRotateDeviceApiKeyRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.createOrRotateDeviceApiKey( request: request, options: options, onResponse: handleResponse @@ -2675,6 +2880,35 @@ extension Archebase_Auth_V1_AdminAuthService.ClientProtocol { ) } + /// Call the "UpdateApiKey" method. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func updateApiKey( + _ message: Archebase_Auth_V1_UpdateApiKeyRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.updateApiKey( + request: request, + options: options, + onResponse: handleResponse + ) + } + /// Call the "EnableApiKey" method. /// /// - Parameters: @@ -2733,7 +2967,7 @@ extension Archebase_Auth_V1_AdminAuthService.ClientProtocol { ) } - /// Call the "UpdateApiKey" method. + /// Call the "RotateApiKeySecret" method. /// /// - Parameters: /// - message: request message to send. @@ -2743,19 +2977,19 @@ extension Archebase_Auth_V1_AdminAuthService.ClientProtocol { /// returned to the caller. Returning from the closure will cancel the RPC if it /// hasn't already finished. /// - Returns: The result of `handleResponse`. - public func updateApiKey( - _ message: Archebase_Auth_V1_UpdateApiKeyRequest, + public func rotateApiKeySecret( + _ message: Archebase_Auth_V1_RotateApiKeySecretRequest, metadata: GRPCCore.Metadata = [:], options: GRPCCore.CallOptions = .defaults, - onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in try response.message } ) async throws -> Result where Result: Sendable { - let request = GRPCCore.ClientRequest( + let request = GRPCCore.ClientRequest( message: message, metadata: metadata ) - return try await self.updateApiKey( + return try await self.rotateApiKeySecret( request: request, options: options, onResponse: handleResponse diff --git a/Sources/DGWProto/Generated/auth.pb.swift b/Sources/DGWProto/Generated/auth.pb.swift index 7ebf25e..6e99798 100644 --- a/Sources/DGWProto/Generated/auth.pb.swift +++ b/Sources/DGWProto/Generated/auth.pb.swift @@ -20,11 +20,11 @@ fileprivate struct _GeneratedWithProtocGenSwiftVersion: SwiftProtobuf.ProtobufAP typealias Version = _2 } -public enum Archebase_Auth_V1_UserRole: SwiftProtobuf.Enum, Swift.CaseIterable { +public enum Archebase_Auth_V1_OrganizationKind: SwiftProtobuf.Enum, Swift.CaseIterable { public typealias RawValue = Int case unspecified // = 0 - case administrators // = 1 - case normalUsers // = 2 + case business // = 1 + case system // = 2 case UNRECOGNIZED(Int) public init() { @@ -34,8 +34,8 @@ public enum Archebase_Auth_V1_UserRole: SwiftProtobuf.Enum, Swift.CaseIterable { public init?(rawValue: Int) { switch rawValue { case 0: self = .unspecified - case 1: self = .administrators - case 2: self = .normalUsers + case 1: self = .business + case 2: self = .system default: self = .UNRECOGNIZED(rawValue) } } @@ -43,35 +43,26 @@ public enum Archebase_Auth_V1_UserRole: SwiftProtobuf.Enum, Swift.CaseIterable { public var rawValue: Int { switch self { case .unspecified: return 0 - case .administrators: return 1 - case .normalUsers: return 2 + case .business: return 1 + case .system: return 2 case .UNRECOGNIZED(let i): return i } } // The compiler won't synthesize support with the UNRECOGNIZED case. - public static let allCases: [Archebase_Auth_V1_UserRole] = [ + public static let allCases: [Archebase_Auth_V1_OrganizationKind] = [ .unspecified, - .administrators, - .normalUsers, + .business, + .system, ] } -/// Business identity, orthogonal to UserRole (privilege). See -/// docs/design/abac-design.md §3. Service accounts always carry -/// USER_CLASS_UNSPECIFIED; every HUMAN user must have one of the -/// concrete classes per ck_users_admin_class_consistency / -/// ck_users_normal_class_consistency / ck_users_service_account_class -/// in migration 0018. -public enum Archebase_Auth_V1_UserClass: SwiftProtobuf.Enum, Swift.CaseIterable { +public enum Archebase_Auth_V1_ApiKeyOwnerKind: SwiftProtobuf.Enum, Swift.CaseIterable { public typealias RawValue = Int case unspecified // = 0 - case systemAdmin // = 1 - case orgAdmin // = 2 - case annotator // = 3 - case reviewer // = 4 - case viewer // = 5 + case site // = 1 + case device // = 2 case UNRECOGNIZED(Int) public init() { @@ -81,11 +72,8 @@ public enum Archebase_Auth_V1_UserClass: SwiftProtobuf.Enum, Swift.CaseIterable public init?(rawValue: Int) { switch rawValue { case 0: self = .unspecified - case 1: self = .systemAdmin - case 2: self = .orgAdmin - case 3: self = .annotator - case 4: self = .reviewer - case 5: self = .viewer + case 1: self = .site + case 2: self = .device default: self = .UNRECOGNIZED(rawValue) } } @@ -93,23 +81,55 @@ public enum Archebase_Auth_V1_UserClass: SwiftProtobuf.Enum, Swift.CaseIterable public var rawValue: Int { switch self { case .unspecified: return 0 - case .systemAdmin: return 1 - case .orgAdmin: return 2 - case .annotator: return 3 - case .reviewer: return 4 - case .viewer: return 5 + case .site: return 1 + case .device: return 2 case .UNRECOGNIZED(let i): return i } } // The compiler won't synthesize support with the UNRECOGNIZED case. - public static let allCases: [Archebase_Auth_V1_UserClass] = [ + public static let allCases: [Archebase_Auth_V1_ApiKeyOwnerKind] = [ .unspecified, - .systemAdmin, - .orgAdmin, - .annotator, - .reviewer, - .viewer, + .site, + .device, + ] + +} + +public enum Archebase_Auth_V1_DeviceApiKeyMutationMode: SwiftProtobuf.Enum, Swift.CaseIterable { + public typealias RawValue = Int + case unspecified // = 0 + case createOnly // = 1 + case rotateOnly // = 2 + case UNRECOGNIZED(Int) + + public init() { + self = .unspecified + } + + public init?(rawValue: Int) { + switch rawValue { + case 0: self = .unspecified + case 1: self = .createOnly + case 2: self = .rotateOnly + default: self = .UNRECOGNIZED(rawValue) + } + } + + public var rawValue: Int { + switch self { + case .unspecified: return 0 + case .createOnly: return 1 + case .rotateOnly: return 2 + case .UNRECOGNIZED(let i): return i + } + } + + // The compiler won't synthesize support with the UNRECOGNIZED case. + public static let allCases: [Archebase_Auth_V1_DeviceApiKeyMutationMode] = [ + .unspecified, + .createOnly, + .rotateOnly, ] } @@ -169,7 +189,7 @@ public struct Archebase_Auth_V1_ExchangeCredentialRequest: Sendable { // `Message` and `Message+*Additions` files in the SwiftProtobuf library for // methods supported on all messages. - public var credentialBase64: String = String() + public var credential: String = String() public var unknownFields = SwiftProtobuf.UnknownStorage() @@ -187,13 +207,20 @@ public struct Archebase_Auth_V1_ExchangeCredentialResponse: Sendable { public var tokenType: String = String() - public var keyID: String = String() - - public var keyPrefix: String = String() + public var principal: Archebase_Auth_V1_ApiKeyPrincipal { + get {_principal ?? Archebase_Auth_V1_ApiKeyPrincipal()} + set {_principal = newValue} + } + /// Returns true if `principal` has been explicitly set. + public var hasPrincipal: Bool {self._principal != nil} + /// Clears the value of `principal`. Subsequent reads from it will return its default value. + public mutating func clearPrincipal() {self._principal = nil} public var unknownFields = SwiftProtobuf.UnknownStorage() public init() {} + + fileprivate var _principal: Archebase_Auth_V1_ApiKeyPrincipal? = nil } public struct Archebase_Auth_V1_LoginRequest: Sendable { @@ -212,50 +239,35 @@ public struct Archebase_Auth_V1_LoginRequest: Sendable { public init() {} } -public struct Archebase_Auth_V1_LoginResponse: @unchecked Sendable { +public struct Archebase_Auth_V1_LoginResponse: Sendable { // SwiftProtobuf.Message conformance is added in an extension below. See the // `Message` and `Message+*Additions` files in the SwiftProtobuf library for // methods supported on all messages. - public var accessToken: String { - get {_storage._accessToken} - set {_uniqueStorage()._accessToken = newValue} - } + public var accessToken: String = String() - public var accessTokenExpiresAtUnix: Int64 { - get {_storage._accessTokenExpiresAtUnix} - set {_uniqueStorage()._accessTokenExpiresAtUnix = newValue} - } + public var accessTokenExpiresAtUnix: Int64 = 0 - public var refreshToken: String { - get {_storage._refreshToken} - set {_uniqueStorage()._refreshToken = newValue} - } + public var refreshToken: String = String() - public var refreshTokenExpiresAtUnix: Int64 { - get {_storage._refreshTokenExpiresAtUnix} - set {_uniqueStorage()._refreshTokenExpiresAtUnix = newValue} - } + public var refreshTokenExpiresAtUnix: Int64 = 0 - public var tokenType: String { - get {_storage._tokenType} - set {_uniqueStorage()._tokenType = newValue} - } + public var tokenType: String = String() public var user: Archebase_Auth_V1_User { - get {_storage._user ?? Archebase_Auth_V1_User()} - set {_uniqueStorage()._user = newValue} + get {_user ?? Archebase_Auth_V1_User()} + set {_user = newValue} } /// Returns true if `user` has been explicitly set. - public var hasUser: Bool {_storage._user != nil} + public var hasUser: Bool {self._user != nil} /// Clears the value of `user`. Subsequent reads from it will return its default value. - public mutating func clearUser() {_uniqueStorage()._user = nil} + public mutating func clearUser() {self._user = nil} public var unknownFields = SwiftProtobuf.UnknownStorage() public init() {} - fileprivate var _storage = _StorageClass.defaultInstance + fileprivate var _user: Archebase_Auth_V1_User? = nil } public struct Archebase_Auth_V1_RefreshTokenRequest: Sendable { @@ -270,50 +282,35 @@ public struct Archebase_Auth_V1_RefreshTokenRequest: Sendable { public init() {} } -public struct Archebase_Auth_V1_RefreshTokenResponse: @unchecked Sendable { +public struct Archebase_Auth_V1_RefreshTokenResponse: Sendable { // SwiftProtobuf.Message conformance is added in an extension below. See the // `Message` and `Message+*Additions` files in the SwiftProtobuf library for // methods supported on all messages. - public var accessToken: String { - get {_storage._accessToken} - set {_uniqueStorage()._accessToken = newValue} - } + public var accessToken: String = String() - public var accessTokenExpiresAtUnix: Int64 { - get {_storage._accessTokenExpiresAtUnix} - set {_uniqueStorage()._accessTokenExpiresAtUnix = newValue} - } + public var accessTokenExpiresAtUnix: Int64 = 0 - public var refreshToken: String { - get {_storage._refreshToken} - set {_uniqueStorage()._refreshToken = newValue} - } + public var refreshToken: String = String() - public var refreshTokenExpiresAtUnix: Int64 { - get {_storage._refreshTokenExpiresAtUnix} - set {_uniqueStorage()._refreshTokenExpiresAtUnix = newValue} - } + public var refreshTokenExpiresAtUnix: Int64 = 0 - public var tokenType: String { - get {_storage._tokenType} - set {_uniqueStorage()._tokenType = newValue} - } + public var tokenType: String = String() public var user: Archebase_Auth_V1_User { - get {_storage._user ?? Archebase_Auth_V1_User()} - set {_uniqueStorage()._user = newValue} + get {_user ?? Archebase_Auth_V1_User()} + set {_user = newValue} } /// Returns true if `user` has been explicitly set. - public var hasUser: Bool {_storage._user != nil} + public var hasUser: Bool {self._user != nil} /// Clears the value of `user`. Subsequent reads from it will return its default value. - public mutating func clearUser() {_uniqueStorage()._user = nil} + public mutating func clearUser() {self._user = nil} public var unknownFields = SwiftProtobuf.UnknownStorage() public init() {} - fileprivate var _storage = _StorageClass.defaultInstance + fileprivate var _user: Archebase_Auth_V1_User? = nil } public struct Archebase_Auth_V1_ExchangeSystemCredentialRequest: Sendable { @@ -357,7 +354,12 @@ public struct Archebase_Auth_V1_User: Sendable { public var userName: String = String() - public var role: Archebase_Auth_V1_UserRole = .unspecified + /// Cedar-era role string. The single source of truth for a + /// HUMAN user's authorization identity. SERVICE_ACCOUNT + /// principals may leave this empty or carry a `system_sa_*` + /// identity role; a synthetic `system_service_account` role is + /// injected at PIP time, see `common/src/abac/subject.rs`. + public var role: String = String() public var lastLoginAt: SwiftProtobuf.Google_Protobuf_Timestamp { get {_lastLoginAt ?? SwiftProtobuf.Google_Protobuf_Timestamp()} @@ -386,8 +388,6 @@ public struct Archebase_Auth_V1_User: Sendable { /// Clears the value of `updatedAt`. Subsequent reads from it will return its default value. public mutating func clearUpdatedAt() {self._updatedAt = nil} - public var userClass: Archebase_Auth_V1_UserClass = .unspecified - public var organizationID: Int64 = 0 public var userID: Int64 = 0 @@ -428,6 +428,8 @@ public struct Archebase_Auth_V1_Organization: Sendable { /// Clears the value of `updatedAt`. Subsequent reads from it will return its default value. public mutating func clearUpdatedAt() {self._updatedAt = nil} + public var organizationKind: Archebase_Auth_V1_OrganizationKind = .unspecified + public var unknownFields = SwiftProtobuf.UnknownStorage() public init() {} @@ -473,16 +475,36 @@ public struct Archebase_Auth_V1_Site: Sendable { fileprivate var _updatedAt: SwiftProtobuf.Google_Protobuf_Timestamp? = nil } -public struct Archebase_Auth_V1_ApiKey: Sendable { +public struct Archebase_Auth_V1_ApiKeyPrincipal: Sendable { // SwiftProtobuf.Message conformance is added in an extension below. See the // `Message` and `Message+*Additions` files in the SwiftProtobuf library for // methods supported on all messages. public var siteID: Int64 = 0 - public var keyID: String = String() + public var apiKeyID: String = String() + + public var keyName: String = String() + + public var ownerKind: Archebase_Auth_V1_ApiKeyOwnerKind = .unspecified + + public var deviceID: String = String() + + public var suiteID: String = String() + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} +} + +public struct Archebase_Auth_V1_ApiKey: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var apiKeyID: String = String() - public var keyPrefix: String = String() + public var keyName: String = String() public var status: Int32 = 0 @@ -504,12 +526,22 @@ public struct Archebase_Auth_V1_ApiKey: Sendable { /// Clears the value of `lastUsedAt`. Subsequent reads from it will return its default value. public mutating func clearLastUsedAt() {self._lastUsedAt = nil} + public var principal: Archebase_Auth_V1_ApiKeyPrincipal { + get {_principal ?? Archebase_Auth_V1_ApiKeyPrincipal()} + set {_principal = newValue} + } + /// Returns true if `principal` has been explicitly set. + public var hasPrincipal: Bool {self._principal != nil} + /// Clears the value of `principal`. Subsequent reads from it will return its default value. + public mutating func clearPrincipal() {self._principal = nil} + public var unknownFields = SwiftProtobuf.UnknownStorage() public init() {} fileprivate var _expiredAt: SwiftProtobuf.Google_Protobuf_Timestamp? = nil fileprivate var _lastUsedAt: SwiftProtobuf.Google_Protobuf_Timestamp? = nil + fileprivate var _principal: Archebase_Auth_V1_ApiKeyPrincipal? = nil } public struct Archebase_Auth_V1_CreateSiteRequest: Sendable { @@ -744,16 +776,64 @@ public struct Archebase_Auth_V1_DeleteSiteResponse: Sendable { public init() {} } -public struct Archebase_Auth_V1_CreateApiKeyRequest: Sendable { +public struct Archebase_Auth_V1_CreateSiteApiKeyRequest: Sendable { // SwiftProtobuf.Message conformance is added in an extension below. See the // `Message` and `Message+*Additions` files in the SwiftProtobuf library for // methods supported on all messages. public var siteID: Int64 = 0 - public var keyID: String = String() + public var keyName: String = String() - public var keyPrefix: String = String() + public var status: Int32 = 0 + + public var expiredAt: SwiftProtobuf.Google_Protobuf_Timestamp { + get {_expiredAt ?? SwiftProtobuf.Google_Protobuf_Timestamp()} + set {_expiredAt = newValue} + } + /// Returns true if `expiredAt` has been explicitly set. + public var hasExpiredAt: Bool {self._expiredAt != nil} + /// Clears the value of `expiredAt`. Subsequent reads from it will return its default value. + public mutating func clearExpiredAt() {self._expiredAt = nil} + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _expiredAt: SwiftProtobuf.Google_Protobuf_Timestamp? = nil +} + +public struct Archebase_Auth_V1_CreateSiteApiKeyResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var apiKey: Archebase_Auth_V1_ApiKey { + get {_apiKey ?? Archebase_Auth_V1_ApiKey()} + set {_apiKey = newValue} + } + /// Returns true if `apiKey` has been explicitly set. + public var hasApiKey: Bool {self._apiKey != nil} + /// Clears the value of `apiKey`. Subsequent reads from it will return its default value. + public mutating func clearApiKey() {self._apiKey = nil} + + public var credential: String = String() + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _apiKey: Archebase_Auth_V1_ApiKey? = nil +} + +public struct Archebase_Auth_V1_CreateOrRotateDeviceApiKeyRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var deviceID: String = String() + + public var keyName: String = String() public var status: Int32 = 0 @@ -766,7 +846,7 @@ public struct Archebase_Auth_V1_CreateApiKeyRequest: Sendable { /// Clears the value of `expiredAt`. Subsequent reads from it will return its default value. public mutating func clearExpiredAt() {self._expiredAt = nil} - public var rotateIfExists: Bool = false + public var mutationMode: Archebase_Auth_V1_DeviceApiKeyMutationMode = .unspecified public var unknownFields = SwiftProtobuf.UnknownStorage() @@ -775,16 +855,27 @@ public struct Archebase_Auth_V1_CreateApiKeyRequest: Sendable { fileprivate var _expiredAt: SwiftProtobuf.Google_Protobuf_Timestamp? = nil } -public struct Archebase_Auth_V1_CreateApiKeyResponse: Sendable { +public struct Archebase_Auth_V1_CreateOrRotateDeviceApiKeyResponse: Sendable { // SwiftProtobuf.Message conformance is added in an extension below. See the // `Message` and `Message+*Additions` files in the SwiftProtobuf library for // methods supported on all messages. - public var credentialBase64: String = String() + public var apiKey: Archebase_Auth_V1_ApiKey { + get {_apiKey ?? Archebase_Auth_V1_ApiKey()} + set {_apiKey = newValue} + } + /// Returns true if `apiKey` has been explicitly set. + public var hasApiKey: Bool {self._apiKey != nil} + /// Clears the value of `apiKey`. Subsequent reads from it will return its default value. + public mutating func clearApiKey() {self._apiKey = nil} + + public var credential: String = String() public var unknownFields = SwiftProtobuf.UnknownStorage() public init() {} + + fileprivate var _apiKey: Archebase_Auth_V1_ApiKey? = nil } public struct Archebase_Auth_V1_GetApiKeyRequest: Sendable { @@ -792,9 +883,7 @@ public struct Archebase_Auth_V1_GetApiKeyRequest: Sendable { // `Message` and `Message+*Additions` files in the SwiftProtobuf library for // methods supported on all messages. - public var siteID: Int64 = 0 - - public var keyID: String = String() + public var apiKeyID: String = String() public var unknownFields = SwiftProtobuf.UnknownStorage() @@ -827,8 +916,13 @@ public struct Archebase_Auth_V1_ListApiKeysRequest: Sendable { // `Message` and `Message+*Additions` files in the SwiftProtobuf library for // methods supported on all messages. + /// Use 0 to list API keys across all sites. public var siteID: Int64 = 0 + public var ownerKind: Archebase_Auth_V1_ApiKeyOwnerKind = .unspecified + + public var deviceID: String = String() + public var unknownFields = SwiftProtobuf.UnknownStorage() public init() {} @@ -851,9 +945,7 @@ public struct Archebase_Auth_V1_EnableApiKeyRequest: Sendable { // `Message` and `Message+*Additions` files in the SwiftProtobuf library for // methods supported on all messages. - public var siteID: Int64 = 0 - - public var keyID: String = String() + public var apiKeyID: String = String() public var unknownFields = SwiftProtobuf.UnknownStorage() @@ -886,9 +978,7 @@ public struct Archebase_Auth_V1_DisableApiKeyRequest: Sendable { // `Message` and `Message+*Additions` files in the SwiftProtobuf library for // methods supported on all messages. - public var siteID: Int64 = 0 - - public var keyID: String = String() + public var apiKeyID: String = String() public var unknownFields = SwiftProtobuf.UnknownStorage() @@ -921,27 +1011,16 @@ public struct Archebase_Auth_V1_UpdateApiKeyRequest: Sendable { // `Message` and `Message+*Additions` files in the SwiftProtobuf library for // methods supported on all messages. - public var siteID: Int64 = 0 - - public var keyID: String = String() - - public var keyPrefix: String { - get {_keyPrefix ?? String()} - set {_keyPrefix = newValue} - } - /// Returns true if `keyPrefix` has been explicitly set. - public var hasKeyPrefix: Bool {self._keyPrefix != nil} - /// Clears the value of `keyPrefix`. Subsequent reads from it will return its default value. - public mutating func clearKeyPrefix() {self._keyPrefix = nil} + public var apiKeyID: String = String() - public var siteSecret: String { - get {_siteSecret ?? String()} - set {_siteSecret = newValue} + public var keyName: String { + get {_keyName ?? String()} + set {_keyName = newValue} } - /// Returns true if `siteSecret` has been explicitly set. - public var hasSiteSecret: Bool {self._siteSecret != nil} - /// Clears the value of `siteSecret`. Subsequent reads from it will return its default value. - public mutating func clearSiteSecret() {self._siteSecret = nil} + /// Returns true if `keyName` has been explicitly set. + public var hasKeyName: Bool {self._keyName != nil} + /// Clears the value of `keyName`. Subsequent reads from it will return its default value. + public mutating func clearKeyName() {self._keyName = nil} public var status: Int32 { get {_status ?? 0} @@ -967,8 +1046,7 @@ public struct Archebase_Auth_V1_UpdateApiKeyRequest: Sendable { public init() {} - fileprivate var _keyPrefix: String? = nil - fileprivate var _siteSecret: String? = nil + fileprivate var _keyName: String? = nil fileprivate var _status: Int32? = nil fileprivate var _expiredAt: SwiftProtobuf.Google_Protobuf_Timestamp? = nil } @@ -994,14 +1072,47 @@ public struct Archebase_Auth_V1_UpdateApiKeyResponse: Sendable { fileprivate var _apiKey: Archebase_Auth_V1_ApiKey? = nil } -public struct Archebase_Auth_V1_DeleteApiKeyRequest: Sendable { +public struct Archebase_Auth_V1_RotateApiKeySecretRequest: Sendable { // SwiftProtobuf.Message conformance is added in an extension below. See the // `Message` and `Message+*Additions` files in the SwiftProtobuf library for // methods supported on all messages. - public var siteID: Int64 = 0 + public var apiKeyID: String = String() + + public var unknownFields = SwiftProtobuf.UnknownStorage() - public var keyID: String = String() + public init() {} +} + +public struct Archebase_Auth_V1_RotateApiKeySecretResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var apiKey: Archebase_Auth_V1_ApiKey { + get {_apiKey ?? Archebase_Auth_V1_ApiKey()} + set {_apiKey = newValue} + } + /// Returns true if `apiKey` has been explicitly set. + public var hasApiKey: Bool {self._apiKey != nil} + /// Clears the value of `apiKey`. Subsequent reads from it will return its default value. + public mutating func clearApiKey() {self._apiKey = nil} + + public var credential: String = String() + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _apiKey: Archebase_Auth_V1_ApiKey? = nil +} + +public struct Archebase_Auth_V1_DeleteApiKeyRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + public var apiKeyID: String = String() public var unknownFields = SwiftProtobuf.UnknownStorage() @@ -1196,13 +1307,13 @@ public struct Archebase_Auth_V1_CreateUserRequest: Sendable { public var password: String = String() - public var role: Archebase_Auth_V1_UserRole = .unspecified - - /// Required for HUMAN users; service accounts carry - /// USER_CLASS_UNSPECIFIED implicitly. Server validates the - /// (role, account_kind, user_class) tuple per - /// docs/design/abac-design.md §3.3. - public var userClass: Archebase_Auth_V1_UserClass = .unspecified + /// Cedar role. Required and non-empty for HUMAN users. + /// SERVICE_ACCOUNT principals may leave this empty or carry a + /// `system_sa_*` identity role; the PIP always injects + /// `system_service_account` at runtime. Server rejects unknown + /// non-empty role names with `META_ROLE_UNKNOWN`, and refuses the + /// call if the role is not present in `roles`. + public var role: String = String() public var unknownFields = SwiftProtobuf.UnknownStorage() @@ -1301,8 +1412,12 @@ public struct Archebase_Auth_V1_UpdateUserRequest: Sendable { /// Clears the value of `password`. Subsequent reads from it will return its default value. public mutating func clearPassword() {self._password = nil} - public var role: Archebase_Auth_V1_UserRole { - get {_role ?? .unspecified} + /// Optional: change the Cedar role. Server rejects the update + /// if `role` is not registered, or if `min_required_holders` + /// would be breached by demoting the last holder of a critical + /// role. + public var role: String { + get {_role ?? String()} set {_role = newValue} } /// Returns true if `role` has been explicitly set. @@ -1310,26 +1425,12 @@ public struct Archebase_Auth_V1_UpdateUserRequest: Sendable { /// Clears the value of `role`. Subsequent reads from it will return its default value. public mutating func clearRole() {self._role = nil} - /// Optional: change the business identity. Server rejects the - /// update if the resulting (role, account_kind, user_class) tuple - /// violates the consistency constraints in - /// docs/design/abac-design.md §3.3. - public var userClass: Archebase_Auth_V1_UserClass { - get {_userClass ?? .unspecified} - set {_userClass = newValue} - } - /// Returns true if `userClass` has been explicitly set. - public var hasUserClass: Bool {self._userClass != nil} - /// Clears the value of `userClass`. Subsequent reads from it will return its default value. - public mutating func clearUserClass() {self._userClass = nil} - public var unknownFields = SwiftProtobuf.UnknownStorage() public init() {} fileprivate var _password: String? = nil - fileprivate var _role: Archebase_Auth_V1_UserRole? = nil - fileprivate var _userClass: Archebase_Auth_V1_UserClass? = nil + fileprivate var _role: String? = nil } public struct Archebase_Auth_V1_UpdateUserResponse: Sendable { @@ -1379,12 +1480,16 @@ public struct Archebase_Auth_V1_DeleteUserResponse: Sendable { fileprivate let _protobuf_package = "archebase.auth.v1" -extension Archebase_Auth_V1_UserRole: SwiftProtobuf._ProtoNameProviding { - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{2}\0USER_ROLE_UNSPECIFIED\0\u{1}USER_ROLE_ADMINISTRATORS\0\u{1}USER_ROLE_NORMAL_USERS\0") +extension Archebase_Auth_V1_OrganizationKind: SwiftProtobuf._ProtoNameProviding { + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{2}\0ORGANIZATION_KIND_UNSPECIFIED\0\u{1}ORGANIZATION_KIND_BUSINESS\0\u{1}ORGANIZATION_KIND_SYSTEM\0") } -extension Archebase_Auth_V1_UserClass: SwiftProtobuf._ProtoNameProviding { - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{2}\0USER_CLASS_UNSPECIFIED\0\u{1}USER_CLASS_SYSTEM_ADMIN\0\u{1}USER_CLASS_ORG_ADMIN\0\u{1}USER_CLASS_ANNOTATOR\0\u{1}USER_CLASS_REVIEWER\0\u{1}USER_CLASS_VIEWER\0") +extension Archebase_Auth_V1_ApiKeyOwnerKind: SwiftProtobuf._ProtoNameProviding { + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{2}\0API_KEY_OWNER_KIND_UNSPECIFIED\0\u{1}API_KEY_OWNER_KIND_SITE\0\u{1}API_KEY_OWNER_KIND_DEVICE\0") +} + +extension Archebase_Auth_V1_DeviceApiKeyMutationMode: SwiftProtobuf._ProtoNameProviding { + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{2}\0DEVICE_API_KEY_MUTATION_MODE_UNSPECIFIED\0\u{1}DEVICE_API_KEY_MUTATION_MODE_CREATE_ONLY\0\u{1}DEVICE_API_KEY_MUTATION_MODE_ROTATE_ONLY\0") } extension Archebase_Auth_V1_AuthErrorCode: SwiftProtobuf._ProtoNameProviding { @@ -1393,7 +1498,7 @@ extension Archebase_Auth_V1_AuthErrorCode: SwiftProtobuf._ProtoNameProviding { extension Archebase_Auth_V1_ExchangeCredentialRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { public static let protoMessageName: String = _protobuf_package + ".ExchangeCredentialRequest" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}credential_base64\0") + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}credential\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -1401,21 +1506,21 @@ extension Archebase_Auth_V1_ExchangeCredentialRequest: SwiftProtobuf.Message, Sw // allocates stack space for every case branch when no optimizations are // enabled. https://github.com/apple/swift-protobuf/issues/1034 switch fieldNumber { - case 1: try { try decoder.decodeSingularStringField(value: &self.credentialBase64) }() + case 1: try { try decoder.decodeSingularStringField(value: &self.credential) }() default: break } } } public func traverse(visitor: inout V) throws { - if !self.credentialBase64.isEmpty { - try visitor.visitSingularStringField(value: self.credentialBase64, fieldNumber: 1) + if !self.credential.isEmpty { + try visitor.visitSingularStringField(value: self.credential, fieldNumber: 1) } try unknownFields.traverse(visitor: &visitor) } public static func ==(lhs: Archebase_Auth_V1_ExchangeCredentialRequest, rhs: Archebase_Auth_V1_ExchangeCredentialRequest) -> Bool { - if lhs.credentialBase64 != rhs.credentialBase64 {return false} + if lhs.credential != rhs.credential {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } @@ -1423,7 +1528,7 @@ extension Archebase_Auth_V1_ExchangeCredentialRequest: SwiftProtobuf.Message, Sw extension Archebase_Auth_V1_ExchangeCredentialResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { public static let protoMessageName: String = _protobuf_package + ".ExchangeCredentialResponse" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}access_token\0\u{3}expires_at_unix\0\u{3}token_type\0\u{3}key_id\0\u{3}key_prefix\0") + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}access_token\0\u{3}expires_at_unix\0\u{3}token_type\0\u{1}principal\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -1434,14 +1539,17 @@ extension Archebase_Auth_V1_ExchangeCredentialResponse: SwiftProtobuf.Message, S case 1: try { try decoder.decodeSingularStringField(value: &self.accessToken) }() case 2: try { try decoder.decodeSingularInt64Field(value: &self.expiresAtUnix) }() case 3: try { try decoder.decodeSingularStringField(value: &self.tokenType) }() - case 4: try { try decoder.decodeSingularStringField(value: &self.keyID) }() - case 5: try { try decoder.decodeSingularStringField(value: &self.keyPrefix) }() + case 4: try { try decoder.decodeSingularMessageField(value: &self._principal) }() default: break } } } public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 if !self.accessToken.isEmpty { try visitor.visitSingularStringField(value: self.accessToken, fieldNumber: 1) } @@ -1451,12 +1559,9 @@ extension Archebase_Auth_V1_ExchangeCredentialResponse: SwiftProtobuf.Message, S if !self.tokenType.isEmpty { try visitor.visitSingularStringField(value: self.tokenType, fieldNumber: 3) } - if !self.keyID.isEmpty { - try visitor.visitSingularStringField(value: self.keyID, fieldNumber: 4) - } - if !self.keyPrefix.isEmpty { - try visitor.visitSingularStringField(value: self.keyPrefix, fieldNumber: 5) - } + try { if let v = self._principal { + try visitor.visitSingularMessageField(value: v, fieldNumber: 4) + } }() try unknownFields.traverse(visitor: &visitor) } @@ -1464,8 +1569,7 @@ extension Archebase_Auth_V1_ExchangeCredentialResponse: SwiftProtobuf.Message, S if lhs.accessToken != rhs.accessToken {return false} if lhs.expiresAtUnix != rhs.expiresAtUnix {return false} if lhs.tokenType != rhs.tokenType {return false} - if lhs.keyID != rhs.keyID {return false} - if lhs.keyPrefix != rhs.keyPrefix {return false} + if lhs._principal != rhs._principal {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } @@ -1515,102 +1619,56 @@ extension Archebase_Auth_V1_LoginResponse: SwiftProtobuf.Message, SwiftProtobuf. public static let protoMessageName: String = _protobuf_package + ".LoginResponse" public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}access_token\0\u{3}access_token_expires_at_unix\0\u{3}refresh_token\0\u{3}refresh_token_expires_at_unix\0\u{3}token_type\0\u{1}user\0") - fileprivate class _StorageClass { - var _accessToken: String = String() - var _accessTokenExpiresAtUnix: Int64 = 0 - var _refreshToken: String = String() - var _refreshTokenExpiresAtUnix: Int64 = 0 - var _tokenType: String = String() - var _user: Archebase_Auth_V1_User? = nil - - // This property is used as the initial default value for new instances of the type. - // The type itself is protecting the reference to its storage via CoW semantics. - // This will force a copy to be made of this reference when the first mutation occurs; - // hence, it is safe to mark this as `nonisolated(unsafe)`. - static nonisolated(unsafe) let defaultInstance = _StorageClass() - - private init() {} - - init(copying source: _StorageClass) { - _accessToken = source._accessToken - _accessTokenExpiresAtUnix = source._accessTokenExpiresAtUnix - _refreshToken = source._refreshToken - _refreshTokenExpiresAtUnix = source._refreshTokenExpiresAtUnix - _tokenType = source._tokenType - _user = source._user - } - } - - fileprivate mutating func _uniqueStorage() -> _StorageClass { - if !isKnownUniquelyReferenced(&_storage) { - _storage = _StorageClass(copying: _storage) - } - return _storage - } - public mutating func decodeMessage(decoder: inout D) throws { - _ = _uniqueStorage() - try withExtendedLifetime(_storage) { (_storage: _StorageClass) in - while let fieldNumber = try decoder.nextFieldNumber() { - // The use of inline closures is to circumvent an issue where the compiler - // allocates stack space for every case branch when no optimizations are - // enabled. https://github.com/apple/swift-protobuf/issues/1034 - switch fieldNumber { - case 1: try { try decoder.decodeSingularStringField(value: &_storage._accessToken) }() - case 2: try { try decoder.decodeSingularInt64Field(value: &_storage._accessTokenExpiresAtUnix) }() - case 3: try { try decoder.decodeSingularStringField(value: &_storage._refreshToken) }() - case 4: try { try decoder.decodeSingularInt64Field(value: &_storage._refreshTokenExpiresAtUnix) }() - case 5: try { try decoder.decodeSingularStringField(value: &_storage._tokenType) }() - case 6: try { try decoder.decodeSingularMessageField(value: &_storage._user) }() - default: break - } + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.accessToken) }() + case 2: try { try decoder.decodeSingularInt64Field(value: &self.accessTokenExpiresAtUnix) }() + case 3: try { try decoder.decodeSingularStringField(value: &self.refreshToken) }() + case 4: try { try decoder.decodeSingularInt64Field(value: &self.refreshTokenExpiresAtUnix) }() + case 5: try { try decoder.decodeSingularStringField(value: &self.tokenType) }() + case 6: try { try decoder.decodeSingularMessageField(value: &self._user) }() + default: break } } } public func traverse(visitor: inout V) throws { - try withExtendedLifetime(_storage) { (_storage: _StorageClass) in - // The use of inline closures is to circumvent an issue where the compiler - // allocates stack space for every if/case branch local when no optimizations - // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and - // https://github.com/apple/swift-protobuf/issues/1182 - if !_storage._accessToken.isEmpty { - try visitor.visitSingularStringField(value: _storage._accessToken, fieldNumber: 1) - } - if _storage._accessTokenExpiresAtUnix != 0 { - try visitor.visitSingularInt64Field(value: _storage._accessTokenExpiresAtUnix, fieldNumber: 2) - } - if !_storage._refreshToken.isEmpty { - try visitor.visitSingularStringField(value: _storage._refreshToken, fieldNumber: 3) - } - if _storage._refreshTokenExpiresAtUnix != 0 { - try visitor.visitSingularInt64Field(value: _storage._refreshTokenExpiresAtUnix, fieldNumber: 4) - } - if !_storage._tokenType.isEmpty { - try visitor.visitSingularStringField(value: _storage._tokenType, fieldNumber: 5) - } - try { if let v = _storage._user { - try visitor.visitSingularMessageField(value: v, fieldNumber: 6) - } }() + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.accessToken.isEmpty { + try visitor.visitSingularStringField(value: self.accessToken, fieldNumber: 1) } + if self.accessTokenExpiresAtUnix != 0 { + try visitor.visitSingularInt64Field(value: self.accessTokenExpiresAtUnix, fieldNumber: 2) + } + if !self.refreshToken.isEmpty { + try visitor.visitSingularStringField(value: self.refreshToken, fieldNumber: 3) + } + if self.refreshTokenExpiresAtUnix != 0 { + try visitor.visitSingularInt64Field(value: self.refreshTokenExpiresAtUnix, fieldNumber: 4) + } + if !self.tokenType.isEmpty { + try visitor.visitSingularStringField(value: self.tokenType, fieldNumber: 5) + } + try { if let v = self._user { + try visitor.visitSingularMessageField(value: v, fieldNumber: 6) + } }() try unknownFields.traverse(visitor: &visitor) } public static func ==(lhs: Archebase_Auth_V1_LoginResponse, rhs: Archebase_Auth_V1_LoginResponse) -> Bool { - if lhs._storage !== rhs._storage { - let storagesAreEqual: Bool = withExtendedLifetime((lhs._storage, rhs._storage)) { (_args: (_StorageClass, _StorageClass)) in - let _storage = _args.0 - let rhs_storage = _args.1 - if _storage._accessToken != rhs_storage._accessToken {return false} - if _storage._accessTokenExpiresAtUnix != rhs_storage._accessTokenExpiresAtUnix {return false} - if _storage._refreshToken != rhs_storage._refreshToken {return false} - if _storage._refreshTokenExpiresAtUnix != rhs_storage._refreshTokenExpiresAtUnix {return false} - if _storage._tokenType != rhs_storage._tokenType {return false} - if _storage._user != rhs_storage._user {return false} - return true - } - if !storagesAreEqual {return false} - } + if lhs.accessToken != rhs.accessToken {return false} + if lhs.accessTokenExpiresAtUnix != rhs.accessTokenExpiresAtUnix {return false} + if lhs.refreshToken != rhs.refreshToken {return false} + if lhs.refreshTokenExpiresAtUnix != rhs.refreshTokenExpiresAtUnix {return false} + if lhs.tokenType != rhs.tokenType {return false} + if lhs._user != rhs._user {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } @@ -1650,102 +1708,56 @@ extension Archebase_Auth_V1_RefreshTokenResponse: SwiftProtobuf.Message, SwiftPr public static let protoMessageName: String = _protobuf_package + ".RefreshTokenResponse" public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}access_token\0\u{3}access_token_expires_at_unix\0\u{3}refresh_token\0\u{3}refresh_token_expires_at_unix\0\u{3}token_type\0\u{1}user\0") - fileprivate class _StorageClass { - var _accessToken: String = String() - var _accessTokenExpiresAtUnix: Int64 = 0 - var _refreshToken: String = String() - var _refreshTokenExpiresAtUnix: Int64 = 0 - var _tokenType: String = String() - var _user: Archebase_Auth_V1_User? = nil - - // This property is used as the initial default value for new instances of the type. - // The type itself is protecting the reference to its storage via CoW semantics. - // This will force a copy to be made of this reference when the first mutation occurs; - // hence, it is safe to mark this as `nonisolated(unsafe)`. - static nonisolated(unsafe) let defaultInstance = _StorageClass() - - private init() {} - - init(copying source: _StorageClass) { - _accessToken = source._accessToken - _accessTokenExpiresAtUnix = source._accessTokenExpiresAtUnix - _refreshToken = source._refreshToken - _refreshTokenExpiresAtUnix = source._refreshTokenExpiresAtUnix - _tokenType = source._tokenType - _user = source._user + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.accessToken) }() + case 2: try { try decoder.decodeSingularInt64Field(value: &self.accessTokenExpiresAtUnix) }() + case 3: try { try decoder.decodeSingularStringField(value: &self.refreshToken) }() + case 4: try { try decoder.decodeSingularInt64Field(value: &self.refreshTokenExpiresAtUnix) }() + case 5: try { try decoder.decodeSingularStringField(value: &self.tokenType) }() + case 6: try { try decoder.decodeSingularMessageField(value: &self._user) }() + default: break + } } } - fileprivate mutating func _uniqueStorage() -> _StorageClass { - if !isKnownUniquelyReferenced(&_storage) { - _storage = _StorageClass(copying: _storage) + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.accessToken.isEmpty { + try visitor.visitSingularStringField(value: self.accessToken, fieldNumber: 1) } - return _storage - } - - public mutating func decodeMessage(decoder: inout D) throws { - _ = _uniqueStorage() - try withExtendedLifetime(_storage) { (_storage: _StorageClass) in - while let fieldNumber = try decoder.nextFieldNumber() { - // The use of inline closures is to circumvent an issue where the compiler - // allocates stack space for every case branch when no optimizations are - // enabled. https://github.com/apple/swift-protobuf/issues/1034 - switch fieldNumber { - case 1: try { try decoder.decodeSingularStringField(value: &_storage._accessToken) }() - case 2: try { try decoder.decodeSingularInt64Field(value: &_storage._accessTokenExpiresAtUnix) }() - case 3: try { try decoder.decodeSingularStringField(value: &_storage._refreshToken) }() - case 4: try { try decoder.decodeSingularInt64Field(value: &_storage._refreshTokenExpiresAtUnix) }() - case 5: try { try decoder.decodeSingularStringField(value: &_storage._tokenType) }() - case 6: try { try decoder.decodeSingularMessageField(value: &_storage._user) }() - default: break - } - } + if self.accessTokenExpiresAtUnix != 0 { + try visitor.visitSingularInt64Field(value: self.accessTokenExpiresAtUnix, fieldNumber: 2) } - } - - public func traverse(visitor: inout V) throws { - try withExtendedLifetime(_storage) { (_storage: _StorageClass) in - // The use of inline closures is to circumvent an issue where the compiler - // allocates stack space for every if/case branch local when no optimizations - // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and - // https://github.com/apple/swift-protobuf/issues/1182 - if !_storage._accessToken.isEmpty { - try visitor.visitSingularStringField(value: _storage._accessToken, fieldNumber: 1) - } - if _storage._accessTokenExpiresAtUnix != 0 { - try visitor.visitSingularInt64Field(value: _storage._accessTokenExpiresAtUnix, fieldNumber: 2) - } - if !_storage._refreshToken.isEmpty { - try visitor.visitSingularStringField(value: _storage._refreshToken, fieldNumber: 3) - } - if _storage._refreshTokenExpiresAtUnix != 0 { - try visitor.visitSingularInt64Field(value: _storage._refreshTokenExpiresAtUnix, fieldNumber: 4) - } - if !_storage._tokenType.isEmpty { - try visitor.visitSingularStringField(value: _storage._tokenType, fieldNumber: 5) - } - try { if let v = _storage._user { - try visitor.visitSingularMessageField(value: v, fieldNumber: 6) - } }() + if !self.refreshToken.isEmpty { + try visitor.visitSingularStringField(value: self.refreshToken, fieldNumber: 3) + } + if self.refreshTokenExpiresAtUnix != 0 { + try visitor.visitSingularInt64Field(value: self.refreshTokenExpiresAtUnix, fieldNumber: 4) } + if !self.tokenType.isEmpty { + try visitor.visitSingularStringField(value: self.tokenType, fieldNumber: 5) + } + try { if let v = self._user { + try visitor.visitSingularMessageField(value: v, fieldNumber: 6) + } }() try unknownFields.traverse(visitor: &visitor) } public static func ==(lhs: Archebase_Auth_V1_RefreshTokenResponse, rhs: Archebase_Auth_V1_RefreshTokenResponse) -> Bool { - if lhs._storage !== rhs._storage { - let storagesAreEqual: Bool = withExtendedLifetime((lhs._storage, rhs._storage)) { (_args: (_StorageClass, _StorageClass)) in - let _storage = _args.0 - let rhs_storage = _args.1 - if _storage._accessToken != rhs_storage._accessToken {return false} - if _storage._accessTokenExpiresAtUnix != rhs_storage._accessTokenExpiresAtUnix {return false} - if _storage._refreshToken != rhs_storage._refreshToken {return false} - if _storage._refreshTokenExpiresAtUnix != rhs_storage._refreshTokenExpiresAtUnix {return false} - if _storage._tokenType != rhs_storage._tokenType {return false} - if _storage._user != rhs_storage._user {return false} - return true - } - if !storagesAreEqual {return false} - } + if lhs.accessToken != rhs.accessToken {return false} + if lhs.accessTokenExpiresAtUnix != rhs.accessTokenExpiresAtUnix {return false} + if lhs.refreshToken != rhs.refreshToken {return false} + if lhs.refreshTokenExpiresAtUnix != rhs.refreshTokenExpiresAtUnix {return false} + if lhs.tokenType != rhs.tokenType {return false} + if lhs._user != rhs._user {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } @@ -1833,7 +1845,7 @@ extension Archebase_Auth_V1_ExchangeSystemCredentialResponse: SwiftProtobuf.Mess extension Archebase_Auth_V1_User: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { public static let protoMessageName: String = _protobuf_package + ".User" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}organization\0\u{3}user_name\0\u{1}role\0\u{3}last_login_at\0\u{3}created_at\0\u{3}updated_at\0\u{3}user_class\0\u{3}organization_id\0\u{3}user_id\0") + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}organization\0\u{3}user_name\0\u{1}role\0\u{3}last_login_at\0\u{3}created_at\0\u{3}updated_at\0\u{4}\u{2}organization_id\0\u{3}user_id\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -1843,11 +1855,10 @@ extension Archebase_Auth_V1_User: SwiftProtobuf.Message, SwiftProtobuf._MessageI switch fieldNumber { case 1: try { try decoder.decodeSingularStringField(value: &self.organization) }() case 2: try { try decoder.decodeSingularStringField(value: &self.userName) }() - case 3: try { try decoder.decodeSingularEnumField(value: &self.role) }() + case 3: try { try decoder.decodeSingularStringField(value: &self.role) }() case 4: try { try decoder.decodeSingularMessageField(value: &self._lastLoginAt) }() case 5: try { try decoder.decodeSingularMessageField(value: &self._createdAt) }() case 6: try { try decoder.decodeSingularMessageField(value: &self._updatedAt) }() - case 7: try { try decoder.decodeSingularEnumField(value: &self.userClass) }() case 8: try { try decoder.decodeSingularInt64Field(value: &self.organizationID) }() case 9: try { try decoder.decodeSingularInt64Field(value: &self.userID) }() default: break @@ -1866,8 +1877,8 @@ extension Archebase_Auth_V1_User: SwiftProtobuf.Message, SwiftProtobuf._MessageI if !self.userName.isEmpty { try visitor.visitSingularStringField(value: self.userName, fieldNumber: 2) } - if self.role != .unspecified { - try visitor.visitSingularEnumField(value: self.role, fieldNumber: 3) + if !self.role.isEmpty { + try visitor.visitSingularStringField(value: self.role, fieldNumber: 3) } try { if let v = self._lastLoginAt { try visitor.visitSingularMessageField(value: v, fieldNumber: 4) @@ -1878,9 +1889,6 @@ extension Archebase_Auth_V1_User: SwiftProtobuf.Message, SwiftProtobuf._MessageI try { if let v = self._updatedAt { try visitor.visitSingularMessageField(value: v, fieldNumber: 6) } }() - if self.userClass != .unspecified { - try visitor.visitSingularEnumField(value: self.userClass, fieldNumber: 7) - } if self.organizationID != 0 { try visitor.visitSingularInt64Field(value: self.organizationID, fieldNumber: 8) } @@ -1897,7 +1905,6 @@ extension Archebase_Auth_V1_User: SwiftProtobuf.Message, SwiftProtobuf._MessageI if lhs._lastLoginAt != rhs._lastLoginAt {return false} if lhs._createdAt != rhs._createdAt {return false} if lhs._updatedAt != rhs._updatedAt {return false} - if lhs.userClass != rhs.userClass {return false} if lhs.organizationID != rhs.organizationID {return false} if lhs.userID != rhs.userID {return false} if lhs.unknownFields != rhs.unknownFields {return false} @@ -1907,7 +1914,7 @@ extension Archebase_Auth_V1_User: SwiftProtobuf.Message, SwiftProtobuf._MessageI extension Archebase_Auth_V1_Organization: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { public static let protoMessageName: String = _protobuf_package + ".Organization" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}organization\0\u{3}display_name\0\u{3}created_at\0\u{3}updated_at\0") + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}organization\0\u{3}display_name\0\u{3}created_at\0\u{3}updated_at\0\u{3}organization_kind\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -1919,6 +1926,7 @@ extension Archebase_Auth_V1_Organization: SwiftProtobuf.Message, SwiftProtobuf._ case 2: try { try decoder.decodeSingularStringField(value: &self.displayName) }() case 3: try { try decoder.decodeSingularMessageField(value: &self._createdAt) }() case 4: try { try decoder.decodeSingularMessageField(value: &self._updatedAt) }() + case 5: try { try decoder.decodeSingularEnumField(value: &self.organizationKind) }() default: break } } @@ -1941,6 +1949,9 @@ extension Archebase_Auth_V1_Organization: SwiftProtobuf.Message, SwiftProtobuf._ try { if let v = self._updatedAt { try visitor.visitSingularMessageField(value: v, fieldNumber: 4) } }() + if self.organizationKind != .unspecified { + try visitor.visitSingularEnumField(value: self.organizationKind, fieldNumber: 5) + } try unknownFields.traverse(visitor: &visitor) } @@ -1949,6 +1960,7 @@ extension Archebase_Auth_V1_Organization: SwiftProtobuf.Message, SwiftProtobuf._ if lhs.displayName != rhs.displayName {return false} if lhs._createdAt != rhs._createdAt {return false} if lhs._updatedAt != rhs._updatedAt {return false} + if lhs.organizationKind != rhs.organizationKind {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } @@ -2008,9 +2020,64 @@ extension Archebase_Auth_V1_Site: SwiftProtobuf.Message, SwiftProtobuf._MessageI } } +extension Archebase_Auth_V1_ApiKeyPrincipal: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".ApiKeyPrincipal" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}site_id\0\u{3}api_key_id\0\u{3}key_name\0\u{3}owner_kind\0\u{3}device_id\0\u{3}suite_id\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularInt64Field(value: &self.siteID) }() + case 2: try { try decoder.decodeSingularStringField(value: &self.apiKeyID) }() + case 3: try { try decoder.decodeSingularStringField(value: &self.keyName) }() + case 4: try { try decoder.decodeSingularEnumField(value: &self.ownerKind) }() + case 5: try { try decoder.decodeSingularStringField(value: &self.deviceID) }() + case 6: try { try decoder.decodeSingularStringField(value: &self.suiteID) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if self.siteID != 0 { + try visitor.visitSingularInt64Field(value: self.siteID, fieldNumber: 1) + } + if !self.apiKeyID.isEmpty { + try visitor.visitSingularStringField(value: self.apiKeyID, fieldNumber: 2) + } + if !self.keyName.isEmpty { + try visitor.visitSingularStringField(value: self.keyName, fieldNumber: 3) + } + if self.ownerKind != .unspecified { + try visitor.visitSingularEnumField(value: self.ownerKind, fieldNumber: 4) + } + if !self.deviceID.isEmpty { + try visitor.visitSingularStringField(value: self.deviceID, fieldNumber: 5) + } + if !self.suiteID.isEmpty { + try visitor.visitSingularStringField(value: self.suiteID, fieldNumber: 6) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Archebase_Auth_V1_ApiKeyPrincipal, rhs: Archebase_Auth_V1_ApiKeyPrincipal) -> Bool { + if lhs.siteID != rhs.siteID {return false} + if lhs.apiKeyID != rhs.apiKeyID {return false} + if lhs.keyName != rhs.keyName {return false} + if lhs.ownerKind != rhs.ownerKind {return false} + if lhs.deviceID != rhs.deviceID {return false} + if lhs.suiteID != rhs.suiteID {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + extension Archebase_Auth_V1_ApiKey: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { public static let protoMessageName: String = _protobuf_package + ".ApiKey" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}site_id\0\u{3}key_id\0\u{3}key_prefix\0\u{1}status\0\u{3}expired_at\0\u{3}last_used_at\0") + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}api_key_id\0\u{3}key_name\0\u{1}status\0\u{3}expired_at\0\u{3}last_used_at\0\u{1}principal\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -2018,12 +2085,12 @@ extension Archebase_Auth_V1_ApiKey: SwiftProtobuf.Message, SwiftProtobuf._Messag // allocates stack space for every case branch when no optimizations are // enabled. https://github.com/apple/swift-protobuf/issues/1034 switch fieldNumber { - case 1: try { try decoder.decodeSingularInt64Field(value: &self.siteID) }() - case 2: try { try decoder.decodeSingularStringField(value: &self.keyID) }() - case 3: try { try decoder.decodeSingularStringField(value: &self.keyPrefix) }() - case 4: try { try decoder.decodeSingularInt32Field(value: &self.status) }() - case 5: try { try decoder.decodeSingularMessageField(value: &self._expiredAt) }() - case 6: try { try decoder.decodeSingularMessageField(value: &self._lastUsedAt) }() + case 1: try { try decoder.decodeSingularStringField(value: &self.apiKeyID) }() + case 2: try { try decoder.decodeSingularStringField(value: &self.keyName) }() + case 3: try { try decoder.decodeSingularInt32Field(value: &self.status) }() + case 4: try { try decoder.decodeSingularMessageField(value: &self._expiredAt) }() + case 5: try { try decoder.decodeSingularMessageField(value: &self._lastUsedAt) }() + case 6: try { try decoder.decodeSingularMessageField(value: &self._principal) }() default: break } } @@ -2034,34 +2101,34 @@ extension Archebase_Auth_V1_ApiKey: SwiftProtobuf.Message, SwiftProtobuf._Messag // allocates stack space for every if/case branch local when no optimizations // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and // https://github.com/apple/swift-protobuf/issues/1182 - if self.siteID != 0 { - try visitor.visitSingularInt64Field(value: self.siteID, fieldNumber: 1) - } - if !self.keyID.isEmpty { - try visitor.visitSingularStringField(value: self.keyID, fieldNumber: 2) + if !self.apiKeyID.isEmpty { + try visitor.visitSingularStringField(value: self.apiKeyID, fieldNumber: 1) } - if !self.keyPrefix.isEmpty { - try visitor.visitSingularStringField(value: self.keyPrefix, fieldNumber: 3) + if !self.keyName.isEmpty { + try visitor.visitSingularStringField(value: self.keyName, fieldNumber: 2) } if self.status != 0 { - try visitor.visitSingularInt32Field(value: self.status, fieldNumber: 4) + try visitor.visitSingularInt32Field(value: self.status, fieldNumber: 3) } try { if let v = self._expiredAt { - try visitor.visitSingularMessageField(value: v, fieldNumber: 5) + try visitor.visitSingularMessageField(value: v, fieldNumber: 4) } }() try { if let v = self._lastUsedAt { + try visitor.visitSingularMessageField(value: v, fieldNumber: 5) + } }() + try { if let v = self._principal { try visitor.visitSingularMessageField(value: v, fieldNumber: 6) } }() try unknownFields.traverse(visitor: &visitor) } public static func ==(lhs: Archebase_Auth_V1_ApiKey, rhs: Archebase_Auth_V1_ApiKey) -> Bool { - if lhs.siteID != rhs.siteID {return false} - if lhs.keyID != rhs.keyID {return false} - if lhs.keyPrefix != rhs.keyPrefix {return false} + if lhs.apiKeyID != rhs.apiKeyID {return false} + if lhs.keyName != rhs.keyName {return false} if lhs.status != rhs.status {return false} if lhs._expiredAt != rhs._expiredAt {return false} if lhs._lastUsedAt != rhs._lastUsedAt {return false} + if lhs._principal != rhs._principal {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } @@ -2504,9 +2571,9 @@ extension Archebase_Auth_V1_DeleteSiteResponse: SwiftProtobuf.Message, SwiftProt } } -extension Archebase_Auth_V1_CreateApiKeyRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { - public static let protoMessageName: String = _protobuf_package + ".CreateApiKeyRequest" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}site_id\0\u{3}key_id\0\u{3}key_prefix\0\u{1}status\0\u{3}expired_at\0\u{3}rotate_if_exists\0") +extension Archebase_Auth_V1_CreateSiteApiKeyRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".CreateSiteApiKeyRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}site_id\0\u{3}key_name\0\u{1}status\0\u{3}expired_at\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -2515,11 +2582,9 @@ extension Archebase_Auth_V1_CreateApiKeyRequest: SwiftProtobuf.Message, SwiftPro // enabled. https://github.com/apple/swift-protobuf/issues/1034 switch fieldNumber { case 1: try { try decoder.decodeSingularInt64Field(value: &self.siteID) }() - case 2: try { try decoder.decodeSingularStringField(value: &self.keyID) }() - case 3: try { try decoder.decodeSingularStringField(value: &self.keyPrefix) }() - case 4: try { try decoder.decodeSingularInt32Field(value: &self.status) }() - case 5: try { try decoder.decodeSingularMessageField(value: &self._expiredAt) }() - case 6: try { try decoder.decodeSingularBoolField(value: &self.rotateIfExists) }() + case 2: try { try decoder.decodeSingularStringField(value: &self.keyName) }() + case 3: try { try decoder.decodeSingularInt32Field(value: &self.status) }() + case 4: try { try decoder.decodeSingularMessageField(value: &self._expiredAt) }() default: break } } @@ -2533,39 +2598,124 @@ extension Archebase_Auth_V1_CreateApiKeyRequest: SwiftProtobuf.Message, SwiftPro if self.siteID != 0 { try visitor.visitSingularInt64Field(value: self.siteID, fieldNumber: 1) } - if !self.keyID.isEmpty { - try visitor.visitSingularStringField(value: self.keyID, fieldNumber: 2) + if !self.keyName.isEmpty { + try visitor.visitSingularStringField(value: self.keyName, fieldNumber: 2) + } + if self.status != 0 { + try visitor.visitSingularInt32Field(value: self.status, fieldNumber: 3) + } + try { if let v = self._expiredAt { + try visitor.visitSingularMessageField(value: v, fieldNumber: 4) + } }() + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Archebase_Auth_V1_CreateSiteApiKeyRequest, rhs: Archebase_Auth_V1_CreateSiteApiKeyRequest) -> Bool { + if lhs.siteID != rhs.siteID {return false} + if lhs.keyName != rhs.keyName {return false} + if lhs.status != rhs.status {return false} + if lhs._expiredAt != rhs._expiredAt {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Archebase_Auth_V1_CreateSiteApiKeyResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".CreateSiteApiKeyResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}api_key\0\u{1}credential\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularMessageField(value: &self._apiKey) }() + case 2: try { try decoder.decodeSingularStringField(value: &self.credential) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + try { if let v = self._apiKey { + try visitor.visitSingularMessageField(value: v, fieldNumber: 1) + } }() + if !self.credential.isEmpty { + try visitor.visitSingularStringField(value: self.credential, fieldNumber: 2) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Archebase_Auth_V1_CreateSiteApiKeyResponse, rhs: Archebase_Auth_V1_CreateSiteApiKeyResponse) -> Bool { + if lhs._apiKey != rhs._apiKey {return false} + if lhs.credential != rhs.credential {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Archebase_Auth_V1_CreateOrRotateDeviceApiKeyRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".CreateOrRotateDeviceApiKeyRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}device_id\0\u{3}key_name\0\u{1}status\0\u{3}expired_at\0\u{3}mutation_mode\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.deviceID) }() + case 2: try { try decoder.decodeSingularStringField(value: &self.keyName) }() + case 3: try { try decoder.decodeSingularInt32Field(value: &self.status) }() + case 4: try { try decoder.decodeSingularMessageField(value: &self._expiredAt) }() + case 5: try { try decoder.decodeSingularEnumField(value: &self.mutationMode) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + if !self.deviceID.isEmpty { + try visitor.visitSingularStringField(value: self.deviceID, fieldNumber: 1) } - if !self.keyPrefix.isEmpty { - try visitor.visitSingularStringField(value: self.keyPrefix, fieldNumber: 3) + if !self.keyName.isEmpty { + try visitor.visitSingularStringField(value: self.keyName, fieldNumber: 2) } if self.status != 0 { - try visitor.visitSingularInt32Field(value: self.status, fieldNumber: 4) + try visitor.visitSingularInt32Field(value: self.status, fieldNumber: 3) } try { if let v = self._expiredAt { - try visitor.visitSingularMessageField(value: v, fieldNumber: 5) + try visitor.visitSingularMessageField(value: v, fieldNumber: 4) } }() - if self.rotateIfExists != false { - try visitor.visitSingularBoolField(value: self.rotateIfExists, fieldNumber: 6) + if self.mutationMode != .unspecified { + try visitor.visitSingularEnumField(value: self.mutationMode, fieldNumber: 5) } try unknownFields.traverse(visitor: &visitor) } - public static func ==(lhs: Archebase_Auth_V1_CreateApiKeyRequest, rhs: Archebase_Auth_V1_CreateApiKeyRequest) -> Bool { - if lhs.siteID != rhs.siteID {return false} - if lhs.keyID != rhs.keyID {return false} - if lhs.keyPrefix != rhs.keyPrefix {return false} + public static func ==(lhs: Archebase_Auth_V1_CreateOrRotateDeviceApiKeyRequest, rhs: Archebase_Auth_V1_CreateOrRotateDeviceApiKeyRequest) -> Bool { + if lhs.deviceID != rhs.deviceID {return false} + if lhs.keyName != rhs.keyName {return false} if lhs.status != rhs.status {return false} if lhs._expiredAt != rhs._expiredAt {return false} - if lhs.rotateIfExists != rhs.rotateIfExists {return false} + if lhs.mutationMode != rhs.mutationMode {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } } -extension Archebase_Auth_V1_CreateApiKeyResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { - public static let protoMessageName: String = _protobuf_package + ".CreateApiKeyResponse" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}credential_base64\0") +extension Archebase_Auth_V1_CreateOrRotateDeviceApiKeyResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".CreateOrRotateDeviceApiKeyResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}api_key\0\u{1}credential\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -2573,21 +2723,30 @@ extension Archebase_Auth_V1_CreateApiKeyResponse: SwiftProtobuf.Message, SwiftPr // allocates stack space for every case branch when no optimizations are // enabled. https://github.com/apple/swift-protobuf/issues/1034 switch fieldNumber { - case 1: try { try decoder.decodeSingularStringField(value: &self.credentialBase64) }() + case 1: try { try decoder.decodeSingularMessageField(value: &self._apiKey) }() + case 2: try { try decoder.decodeSingularStringField(value: &self.credential) }() default: break } } } public func traverse(visitor: inout V) throws { - if !self.credentialBase64.isEmpty { - try visitor.visitSingularStringField(value: self.credentialBase64, fieldNumber: 1) + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + try { if let v = self._apiKey { + try visitor.visitSingularMessageField(value: v, fieldNumber: 1) + } }() + if !self.credential.isEmpty { + try visitor.visitSingularStringField(value: self.credential, fieldNumber: 2) } try unknownFields.traverse(visitor: &visitor) } - public static func ==(lhs: Archebase_Auth_V1_CreateApiKeyResponse, rhs: Archebase_Auth_V1_CreateApiKeyResponse) -> Bool { - if lhs.credentialBase64 != rhs.credentialBase64 {return false} + public static func ==(lhs: Archebase_Auth_V1_CreateOrRotateDeviceApiKeyResponse, rhs: Archebase_Auth_V1_CreateOrRotateDeviceApiKeyResponse) -> Bool { + if lhs._apiKey != rhs._apiKey {return false} + if lhs.credential != rhs.credential {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } @@ -2595,7 +2754,7 @@ extension Archebase_Auth_V1_CreateApiKeyResponse: SwiftProtobuf.Message, SwiftPr extension Archebase_Auth_V1_GetApiKeyRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { public static let protoMessageName: String = _protobuf_package + ".GetApiKeyRequest" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}site_id\0\u{3}key_id\0") + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}api_key_id\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -2603,26 +2762,21 @@ extension Archebase_Auth_V1_GetApiKeyRequest: SwiftProtobuf.Message, SwiftProtob // allocates stack space for every case branch when no optimizations are // enabled. https://github.com/apple/swift-protobuf/issues/1034 switch fieldNumber { - case 1: try { try decoder.decodeSingularInt64Field(value: &self.siteID) }() - case 2: try { try decoder.decodeSingularStringField(value: &self.keyID) }() + case 1: try { try decoder.decodeSingularStringField(value: &self.apiKeyID) }() default: break } } } public func traverse(visitor: inout V) throws { - if self.siteID != 0 { - try visitor.visitSingularInt64Field(value: self.siteID, fieldNumber: 1) - } - if !self.keyID.isEmpty { - try visitor.visitSingularStringField(value: self.keyID, fieldNumber: 2) + if !self.apiKeyID.isEmpty { + try visitor.visitSingularStringField(value: self.apiKeyID, fieldNumber: 1) } try unknownFields.traverse(visitor: &visitor) } public static func ==(lhs: Archebase_Auth_V1_GetApiKeyRequest, rhs: Archebase_Auth_V1_GetApiKeyRequest) -> Bool { - if lhs.siteID != rhs.siteID {return false} - if lhs.keyID != rhs.keyID {return false} + if lhs.apiKeyID != rhs.apiKeyID {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } @@ -2664,7 +2818,7 @@ extension Archebase_Auth_V1_GetApiKeyResponse: SwiftProtobuf.Message, SwiftProto extension Archebase_Auth_V1_ListApiKeysRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { public static let protoMessageName: String = _protobuf_package + ".ListApiKeysRequest" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}site_id\0") + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}site_id\0\u{3}owner_kind\0\u{3}device_id\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -2673,6 +2827,8 @@ extension Archebase_Auth_V1_ListApiKeysRequest: SwiftProtobuf.Message, SwiftProt // enabled. https://github.com/apple/swift-protobuf/issues/1034 switch fieldNumber { case 1: try { try decoder.decodeSingularInt64Field(value: &self.siteID) }() + case 2: try { try decoder.decodeSingularEnumField(value: &self.ownerKind) }() + case 3: try { try decoder.decodeSingularStringField(value: &self.deviceID) }() default: break } } @@ -2682,11 +2838,19 @@ extension Archebase_Auth_V1_ListApiKeysRequest: SwiftProtobuf.Message, SwiftProt if self.siteID != 0 { try visitor.visitSingularInt64Field(value: self.siteID, fieldNumber: 1) } + if self.ownerKind != .unspecified { + try visitor.visitSingularEnumField(value: self.ownerKind, fieldNumber: 2) + } + if !self.deviceID.isEmpty { + try visitor.visitSingularStringField(value: self.deviceID, fieldNumber: 3) + } try unknownFields.traverse(visitor: &visitor) } public static func ==(lhs: Archebase_Auth_V1_ListApiKeysRequest, rhs: Archebase_Auth_V1_ListApiKeysRequest) -> Bool { if lhs.siteID != rhs.siteID {return false} + if lhs.ownerKind != rhs.ownerKind {return false} + if lhs.deviceID != rhs.deviceID {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } @@ -2724,7 +2888,7 @@ extension Archebase_Auth_V1_ListApiKeysResponse: SwiftProtobuf.Message, SwiftPro extension Archebase_Auth_V1_EnableApiKeyRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { public static let protoMessageName: String = _protobuf_package + ".EnableApiKeyRequest" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}site_id\0\u{3}key_id\0") + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}api_key_id\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -2732,26 +2896,21 @@ extension Archebase_Auth_V1_EnableApiKeyRequest: SwiftProtobuf.Message, SwiftPro // allocates stack space for every case branch when no optimizations are // enabled. https://github.com/apple/swift-protobuf/issues/1034 switch fieldNumber { - case 1: try { try decoder.decodeSingularInt64Field(value: &self.siteID) }() - case 2: try { try decoder.decodeSingularStringField(value: &self.keyID) }() + case 1: try { try decoder.decodeSingularStringField(value: &self.apiKeyID) }() default: break } } } public func traverse(visitor: inout V) throws { - if self.siteID != 0 { - try visitor.visitSingularInt64Field(value: self.siteID, fieldNumber: 1) - } - if !self.keyID.isEmpty { - try visitor.visitSingularStringField(value: self.keyID, fieldNumber: 2) + if !self.apiKeyID.isEmpty { + try visitor.visitSingularStringField(value: self.apiKeyID, fieldNumber: 1) } try unknownFields.traverse(visitor: &visitor) } public static func ==(lhs: Archebase_Auth_V1_EnableApiKeyRequest, rhs: Archebase_Auth_V1_EnableApiKeyRequest) -> Bool { - if lhs.siteID != rhs.siteID {return false} - if lhs.keyID != rhs.keyID {return false} + if lhs.apiKeyID != rhs.apiKeyID {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } @@ -2793,7 +2952,7 @@ extension Archebase_Auth_V1_EnableApiKeyResponse: SwiftProtobuf.Message, SwiftPr extension Archebase_Auth_V1_DisableApiKeyRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { public static let protoMessageName: String = _protobuf_package + ".DisableApiKeyRequest" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}site_id\0\u{3}key_id\0") + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}api_key_id\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -2801,26 +2960,21 @@ extension Archebase_Auth_V1_DisableApiKeyRequest: SwiftProtobuf.Message, SwiftPr // allocates stack space for every case branch when no optimizations are // enabled. https://github.com/apple/swift-protobuf/issues/1034 switch fieldNumber { - case 1: try { try decoder.decodeSingularInt64Field(value: &self.siteID) }() - case 2: try { try decoder.decodeSingularStringField(value: &self.keyID) }() + case 1: try { try decoder.decodeSingularStringField(value: &self.apiKeyID) }() default: break } } } public func traverse(visitor: inout V) throws { - if self.siteID != 0 { - try visitor.visitSingularInt64Field(value: self.siteID, fieldNumber: 1) - } - if !self.keyID.isEmpty { - try visitor.visitSingularStringField(value: self.keyID, fieldNumber: 2) + if !self.apiKeyID.isEmpty { + try visitor.visitSingularStringField(value: self.apiKeyID, fieldNumber: 1) } try unknownFields.traverse(visitor: &visitor) } public static func ==(lhs: Archebase_Auth_V1_DisableApiKeyRequest, rhs: Archebase_Auth_V1_DisableApiKeyRequest) -> Bool { - if lhs.siteID != rhs.siteID {return false} - if lhs.keyID != rhs.keyID {return false} + if lhs.apiKeyID != rhs.apiKeyID {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } @@ -2862,7 +3016,7 @@ extension Archebase_Auth_V1_DisableApiKeyResponse: SwiftProtobuf.Message, SwiftP extension Archebase_Auth_V1_UpdateApiKeyRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { public static let protoMessageName: String = _protobuf_package + ".UpdateApiKeyRequest" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}site_id\0\u{3}key_id\0\u{3}key_prefix\0\u{3}site_secret\0\u{1}status\0\u{3}expired_at\0\u{3}clear_expired_at\0") + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}api_key_id\0\u{3}key_name\0\u{1}status\0\u{3}expired_at\0\u{3}clear_expired_at\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -2870,13 +3024,11 @@ extension Archebase_Auth_V1_UpdateApiKeyRequest: SwiftProtobuf.Message, SwiftPro // allocates stack space for every case branch when no optimizations are // enabled. https://github.com/apple/swift-protobuf/issues/1034 switch fieldNumber { - case 1: try { try decoder.decodeSingularInt64Field(value: &self.siteID) }() - case 2: try { try decoder.decodeSingularStringField(value: &self.keyID) }() - case 3: try { try decoder.decodeSingularStringField(value: &self._keyPrefix) }() - case 4: try { try decoder.decodeSingularStringField(value: &self._siteSecret) }() - case 5: try { try decoder.decodeSingularInt32Field(value: &self._status) }() - case 6: try { try decoder.decodeSingularMessageField(value: &self._expiredAt) }() - case 7: try { try decoder.decodeSingularBoolField(value: &self.clearExpiredAt_p) }() + case 1: try { try decoder.decodeSingularStringField(value: &self.apiKeyID) }() + case 2: try { try decoder.decodeSingularStringField(value: &self._keyName) }() + case 3: try { try decoder.decodeSingularInt32Field(value: &self._status) }() + case 4: try { try decoder.decodeSingularMessageField(value: &self._expiredAt) }() + case 5: try { try decoder.decodeSingularBoolField(value: &self.clearExpiredAt_p) }() default: break } } @@ -2887,35 +3039,27 @@ extension Archebase_Auth_V1_UpdateApiKeyRequest: SwiftProtobuf.Message, SwiftPro // allocates stack space for every if/case branch local when no optimizations // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and // https://github.com/apple/swift-protobuf/issues/1182 - if self.siteID != 0 { - try visitor.visitSingularInt64Field(value: self.siteID, fieldNumber: 1) - } - if !self.keyID.isEmpty { - try visitor.visitSingularStringField(value: self.keyID, fieldNumber: 2) + if !self.apiKeyID.isEmpty { + try visitor.visitSingularStringField(value: self.apiKeyID, fieldNumber: 1) } - try { if let v = self._keyPrefix { - try visitor.visitSingularStringField(value: v, fieldNumber: 3) - } }() - try { if let v = self._siteSecret { - try visitor.visitSingularStringField(value: v, fieldNumber: 4) + try { if let v = self._keyName { + try visitor.visitSingularStringField(value: v, fieldNumber: 2) } }() try { if let v = self._status { - try visitor.visitSingularInt32Field(value: v, fieldNumber: 5) + try visitor.visitSingularInt32Field(value: v, fieldNumber: 3) } }() try { if let v = self._expiredAt { - try visitor.visitSingularMessageField(value: v, fieldNumber: 6) + try visitor.visitSingularMessageField(value: v, fieldNumber: 4) } }() if self.clearExpiredAt_p != false { - try visitor.visitSingularBoolField(value: self.clearExpiredAt_p, fieldNumber: 7) + try visitor.visitSingularBoolField(value: self.clearExpiredAt_p, fieldNumber: 5) } try unknownFields.traverse(visitor: &visitor) } public static func ==(lhs: Archebase_Auth_V1_UpdateApiKeyRequest, rhs: Archebase_Auth_V1_UpdateApiKeyRequest) -> Bool { - if lhs.siteID != rhs.siteID {return false} - if lhs.keyID != rhs.keyID {return false} - if lhs._keyPrefix != rhs._keyPrefix {return false} - if lhs._siteSecret != rhs._siteSecret {return false} + if lhs.apiKeyID != rhs.apiKeyID {return false} + if lhs._keyName != rhs._keyName {return false} if lhs._status != rhs._status {return false} if lhs._expiredAt != rhs._expiredAt {return false} if lhs.clearExpiredAt_p != rhs.clearExpiredAt_p {return false} @@ -2958,9 +3102,78 @@ extension Archebase_Auth_V1_UpdateApiKeyResponse: SwiftProtobuf.Message, SwiftPr } } +extension Archebase_Auth_V1_RotateApiKeySecretRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".RotateApiKeySecretRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}api_key_id\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularStringField(value: &self.apiKeyID) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + if !self.apiKeyID.isEmpty { + try visitor.visitSingularStringField(value: self.apiKeyID, fieldNumber: 1) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Archebase_Auth_V1_RotateApiKeySecretRequest, rhs: Archebase_Auth_V1_RotateApiKeySecretRequest) -> Bool { + if lhs.apiKeyID != rhs.apiKeyID {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Archebase_Auth_V1_RotateApiKeySecretResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".RotateApiKeySecretResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}api_key\0\u{1}credential\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularMessageField(value: &self._apiKey) }() + case 2: try { try decoder.decodeSingularStringField(value: &self.credential) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + try { if let v = self._apiKey { + try visitor.visitSingularMessageField(value: v, fieldNumber: 1) + } }() + if !self.credential.isEmpty { + try visitor.visitSingularStringField(value: self.credential, fieldNumber: 2) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Archebase_Auth_V1_RotateApiKeySecretResponse, rhs: Archebase_Auth_V1_RotateApiKeySecretResponse) -> Bool { + if lhs._apiKey != rhs._apiKey {return false} + if lhs.credential != rhs.credential {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + extension Archebase_Auth_V1_DeleteApiKeyRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { public static let protoMessageName: String = _protobuf_package + ".DeleteApiKeyRequest" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}site_id\0\u{3}key_id\0") + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}api_key_id\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -2968,26 +3181,21 @@ extension Archebase_Auth_V1_DeleteApiKeyRequest: SwiftProtobuf.Message, SwiftPro // allocates stack space for every case branch when no optimizations are // enabled. https://github.com/apple/swift-protobuf/issues/1034 switch fieldNumber { - case 1: try { try decoder.decodeSingularInt64Field(value: &self.siteID) }() - case 2: try { try decoder.decodeSingularStringField(value: &self.keyID) }() + case 1: try { try decoder.decodeSingularStringField(value: &self.apiKeyID) }() default: break } } } public func traverse(visitor: inout V) throws { - if self.siteID != 0 { - try visitor.visitSingularInt64Field(value: self.siteID, fieldNumber: 1) - } - if !self.keyID.isEmpty { - try visitor.visitSingularStringField(value: self.keyID, fieldNumber: 2) + if !self.apiKeyID.isEmpty { + try visitor.visitSingularStringField(value: self.apiKeyID, fieldNumber: 1) } try unknownFields.traverse(visitor: &visitor) } public static func ==(lhs: Archebase_Auth_V1_DeleteApiKeyRequest, rhs: Archebase_Auth_V1_DeleteApiKeyRequest) -> Bool { - if lhs.siteID != rhs.siteID {return false} - if lhs.keyID != rhs.keyID {return false} + if lhs.apiKeyID != rhs.apiKeyID {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } @@ -3371,7 +3579,7 @@ extension Archebase_Auth_V1_DeleteOrganizationResponse: SwiftProtobuf.Message, S extension Archebase_Auth_V1_CreateUserRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { public static let protoMessageName: String = _protobuf_package + ".CreateUserRequest" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}user_name\0\u{1}password\0\u{1}role\0\u{3}user_class\0") + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}user_name\0\u{1}password\0\u{1}role\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -3381,8 +3589,7 @@ extension Archebase_Auth_V1_CreateUserRequest: SwiftProtobuf.Message, SwiftProto switch fieldNumber { case 1: try { try decoder.decodeSingularStringField(value: &self.userName) }() case 2: try { try decoder.decodeSingularStringField(value: &self.password) }() - case 3: try { try decoder.decodeSingularEnumField(value: &self.role) }() - case 4: try { try decoder.decodeSingularEnumField(value: &self.userClass) }() + case 3: try { try decoder.decodeSingularStringField(value: &self.role) }() default: break } } @@ -3395,11 +3602,8 @@ extension Archebase_Auth_V1_CreateUserRequest: SwiftProtobuf.Message, SwiftProto if !self.password.isEmpty { try visitor.visitSingularStringField(value: self.password, fieldNumber: 2) } - if self.role != .unspecified { - try visitor.visitSingularEnumField(value: self.role, fieldNumber: 3) - } - if self.userClass != .unspecified { - try visitor.visitSingularEnumField(value: self.userClass, fieldNumber: 4) + if !self.role.isEmpty { + try visitor.visitSingularStringField(value: self.role, fieldNumber: 3) } try unknownFields.traverse(visitor: &visitor) } @@ -3408,7 +3612,6 @@ extension Archebase_Auth_V1_CreateUserRequest: SwiftProtobuf.Message, SwiftProto if lhs.userName != rhs.userName {return false} if lhs.password != rhs.password {return false} if lhs.role != rhs.role {return false} - if lhs.userClass != rhs.userClass {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } @@ -3563,7 +3766,7 @@ extension Archebase_Auth_V1_ListUsersResponse: SwiftProtobuf.Message, SwiftProto extension Archebase_Auth_V1_UpdateUserRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { public static let protoMessageName: String = _protobuf_package + ".UpdateUserRequest" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}user_name\0\u{1}password\0\u{1}role\0\u{3}user_class\0") + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}user_name\0\u{1}password\0\u{1}role\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -3573,8 +3776,7 @@ extension Archebase_Auth_V1_UpdateUserRequest: SwiftProtobuf.Message, SwiftProto switch fieldNumber { case 1: try { try decoder.decodeSingularStringField(value: &self.userName) }() case 2: try { try decoder.decodeSingularStringField(value: &self._password) }() - case 3: try { try decoder.decodeSingularEnumField(value: &self._role) }() - case 4: try { try decoder.decodeSingularEnumField(value: &self._userClass) }() + case 3: try { try decoder.decodeSingularStringField(value: &self._role) }() default: break } } @@ -3592,10 +3794,7 @@ extension Archebase_Auth_V1_UpdateUserRequest: SwiftProtobuf.Message, SwiftProto try visitor.visitSingularStringField(value: v, fieldNumber: 2) } }() try { if let v = self._role { - try visitor.visitSingularEnumField(value: v, fieldNumber: 3) - } }() - try { if let v = self._userClass { - try visitor.visitSingularEnumField(value: v, fieldNumber: 4) + try visitor.visitSingularStringField(value: v, fieldNumber: 3) } }() try unknownFields.traverse(visitor: &visitor) } @@ -3604,7 +3803,6 @@ extension Archebase_Auth_V1_UpdateUserRequest: SwiftProtobuf.Message, SwiftProto if lhs.userName != rhs.userName {return false} if lhs._password != rhs._password {return false} if lhs._role != rhs._role {return false} - if lhs._userClass != rhs._userClass {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } diff --git a/Sources/DGWProto/Generated/data_gateway.grpc.swift b/Sources/DGWProto/Generated/data_gateway.grpc.swift index c6ffdc7..8047021 100644 --- a/Sources/DGWProto/Generated/data_gateway.grpc.swift +++ b/Sources/DGWProto/Generated/data_gateway.grpc.swift @@ -113,6 +113,12 @@ extension Archebase_DataGateway_V1_DataGatewayService { public protocol ClientProtocol: Sendable { /// Call the "CreateLogicalUpload" method. /// + /// > Source IDL Documentation: + /// > + /// > Upload RPCs are scoped exclusively by the bearer API-key principal + /// > stamped by the public interceptor. Clients never send site_id or any + /// > other owner identifier on this surface. + /// /// - Parameters: /// - request: A request containing a single `Archebase_DataGateway_V1_CreateLogicalUploadRequest` message. /// - serializer: A serializer for `Archebase_DataGateway_V1_CreateLogicalUploadRequest` messages. @@ -225,6 +231,12 @@ extension Archebase_DataGateway_V1_DataGatewayService { /// Call the "CreateLogicalUpload" method. /// + /// > Source IDL Documentation: + /// > + /// > Upload RPCs are scoped exclusively by the bearer API-key principal + /// > stamped by the public interceptor. Clients never send site_id or any + /// > other owner identifier on this surface. + /// /// - Parameters: /// - request: A request containing a single `Archebase_DataGateway_V1_CreateLogicalUploadRequest` message. /// - serializer: A serializer for `Archebase_DataGateway_V1_CreateLogicalUploadRequest` messages. @@ -380,6 +392,12 @@ extension Archebase_DataGateway_V1_DataGatewayService { extension Archebase_DataGateway_V1_DataGatewayService.ClientProtocol { /// Call the "CreateLogicalUpload" method. /// + /// > Source IDL Documentation: + /// > + /// > Upload RPCs are scoped exclusively by the bearer API-key principal + /// > stamped by the public interceptor. Clients never send site_id or any + /// > other owner identifier on this surface. + /// /// - Parameters: /// - request: A request containing a single `Archebase_DataGateway_V1_CreateLogicalUploadRequest` message. /// - options: Options to apply to this RPC. @@ -509,6 +527,12 @@ extension Archebase_DataGateway_V1_DataGatewayService.ClientProtocol { extension Archebase_DataGateway_V1_DataGatewayService.ClientProtocol { /// Call the "CreateLogicalUpload" method. /// + /// > Source IDL Documentation: + /// > + /// > Upload RPCs are scoped exclusively by the bearer API-key principal + /// > stamped by the public interceptor. Clients never send site_id or any + /// > other owner identifier on this surface. + /// /// - Parameters: /// - message: request message to send. /// - metadata: Additional metadata to send, defaults to empty. @@ -1825,9 +1849,23 @@ public enum Archebase_DataGateway_V1_InternalStorageService: Sendable { type: .unary ) } + /// Namespace for "ReadObject" metadata. + public enum ReadObject: Sendable { + /// Request type for "ReadObject". + public typealias Input = Archebase_DataGateway_V1_ReadObjectRequest + /// Response type for "ReadObject". + public typealias Output = Archebase_DataGateway_V1_ReadObjectResponse + /// Descriptor for "ReadObject". + public static let descriptor = GRPCCore.MethodDescriptor( + service: GRPCCore.ServiceDescriptor(fullyQualifiedService: "archebase.data_gateway.v1.InternalStorageService"), + method: "ReadObject", + type: .unary + ) + } /// Descriptors for all methods in the "archebase.data_gateway.v1.InternalStorageService" service. public static let descriptors: [GRPCCore.MethodDescriptor] = [ - PresignObject.descriptor + PresignObject.descriptor, + ReadObject.descriptor ] } } @@ -1875,6 +1913,29 @@ extension Archebase_DataGateway_V1_InternalStorageService { options: GRPCCore.CallOptions, onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result ) async throws -> Result where Result: Sendable + + /// Call the "ReadObject" method. + /// + /// > Source IDL Documentation: + /// > + /// > Reads a bounded object payload for backend-only callers. + /// + /// - Parameters: + /// - request: A request containing a single `Archebase_DataGateway_V1_ReadObjectRequest` message. + /// - serializer: A serializer for `Archebase_DataGateway_V1_ReadObjectRequest` messages. + /// - deserializer: A deserializer for `Archebase_DataGateway_V1_ReadObjectResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + func readObject( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result + ) async throws -> Result where Result: Sendable } /// Generated client for the "archebase.data_gateway.v1.InternalStorageService" service. @@ -1932,6 +1993,40 @@ extension Archebase_DataGateway_V1_InternalStorageService { onResponse: handleResponse ) } + + /// Call the "ReadObject" method. + /// + /// > Source IDL Documentation: + /// > + /// > Reads a bounded object payload for backend-only callers. + /// + /// - Parameters: + /// - request: A request containing a single `Archebase_DataGateway_V1_ReadObjectRequest` message. + /// - serializer: A serializer for `Archebase_DataGateway_V1_ReadObjectRequest` messages. + /// - deserializer: A deserializer for `Archebase_DataGateway_V1_ReadObjectResponse` messages. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func readObject( + request: GRPCCore.ClientRequest, + serializer: some GRPCCore.MessageSerializer, + deserializer: some GRPCCore.MessageDeserializer, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.client.unary( + request: request, + descriptor: Archebase_DataGateway_V1_InternalStorageService.Method.ReadObject.descriptor, + serializer: serializer, + deserializer: deserializer, + options: options, + onResponse: handleResponse + ) + } } } @@ -1966,6 +2061,35 @@ extension Archebase_DataGateway_V1_InternalStorageService.ClientProtocol { onResponse: handleResponse ) } + + /// Call the "ReadObject" method. + /// + /// > Source IDL Documentation: + /// > + /// > Reads a bounded object payload for backend-only callers. + /// + /// - Parameters: + /// - request: A request containing a single `Archebase_DataGateway_V1_ReadObjectRequest` message. + /// - options: Options to apply to this RPC. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func readObject( + request: GRPCCore.ClientRequest, + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + try await self.readObject( + request: request, + serializer: GRPCProtobuf.ProtobufSerializer(), + deserializer: GRPCProtobuf.ProtobufDeserializer(), + options: options, + onResponse: handleResponse + ) + } } // Helpers providing sugared APIs for 'ClientProtocol' methods. @@ -2003,4 +2127,37 @@ extension Archebase_DataGateway_V1_InternalStorageService.ClientProtocol { onResponse: handleResponse ) } + + /// Call the "ReadObject" method. + /// + /// > Source IDL Documentation: + /// > + /// > Reads a bounded object payload for backend-only callers. + /// + /// - Parameters: + /// - message: request message to send. + /// - metadata: Additional metadata to send, defaults to empty. + /// - options: Options to apply to this RPC, defaults to `.defaults`. + /// - handleResponse: A closure which handles the response, the result of which is + /// returned to the caller. Returning from the closure will cancel the RPC if it + /// hasn't already finished. + /// - Returns: The result of `handleResponse`. + public func readObject( + _ message: Archebase_DataGateway_V1_ReadObjectRequest, + metadata: GRPCCore.Metadata = [:], + options: GRPCCore.CallOptions = .defaults, + onResponse handleResponse: @Sendable @escaping (GRPCCore.ClientResponse) async throws -> Result = { response in + try response.message + } + ) async throws -> Result where Result: Sendable { + let request = GRPCCore.ClientRequest( + message: message, + metadata: metadata + ) + return try await self.readObject( + request: request, + options: options, + onResponse: handleResponse + ) + } } \ No newline at end of file diff --git a/Sources/DGWProto/Generated/data_gateway.pb.swift b/Sources/DGWProto/Generated/data_gateway.pb.swift index 4ae32a9..e5322fc 100644 --- a/Sources/DGWProto/Generated/data_gateway.pb.swift +++ b/Sources/DGWProto/Generated/data_gateway.pb.swift @@ -8,6 +8,11 @@ // For information on using the generated types, please see the documentation: // https://github.com/apple/swift-protobuf/ +#if canImport(FoundationEssentials) +import FoundationEssentials +#else +import Foundation +#endif import SwiftProtobuf // If the compiler emits an error on this type, it is because this file @@ -352,6 +357,8 @@ public struct Archebase_DataGateway_V1_InitDeviceRequest: Sendable { } /// Request sent by SDKs when explicitly rotating an existing upload API key. +/// This currently mirrors InitDeviceRequest, but remains a separate message so +/// reinit-only fields can be added without changing first-time init semantics. public struct Archebase_DataGateway_V1_ReinitDeviceRequest: Sendable { // SwiftProtobuf.Message conformance is added in an extension below. See the // `Message` and `Message+*Additions` files in the SwiftProtobuf library for @@ -377,7 +384,7 @@ public struct Archebase_DataGateway_V1_InitDeviceResponse: Sendable { // `Message` and `Message+*Additions` files in the SwiftProtobuf library for // methods supported on all messages. - /// Base64-encoded credential returned by auth and used for later uploads. + /// Opaque credential returned by auth and used for later uploads. public var apiKey: String = String() /// Platform-approved device tags replayed on every subsequent upload. @@ -409,6 +416,10 @@ public struct Archebase_DataGateway_V1_UploadCredentials: Sendable { public var partSizeBytes: Int64 = 0 + public var objectStoreBackend: String = String() + + public var objectStoreRegion: String = String() + public var unknownFields = SwiftProtobuf.UnknownStorage() public init() {} @@ -583,6 +594,11 @@ public struct Archebase_DataGateway_V1_CompleteUploadRequest: Sendable { public var ossObjectEtag: String = String() + /// Upload part size issued by data-gateway for this upload session. + /// New SDKs echo it back so completion validation remains stable if + /// gateway config changes between credential issuance and completion. + public var partSizeBytes: Int64 = 0 + public var unknownFields = SwiftProtobuf.UnknownStorage() public init() {} @@ -1121,6 +1137,67 @@ public struct Archebase_DataGateway_V1_PresignObjectResponse: Sendable { fileprivate var _write: Archebase_DataGateway_V1_PresignedOperation? = nil } +/// Requests a bounded backend-only object read. +public struct Archebase_DataGateway_V1_ReadObjectRequest: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + /// Object to read. + public var object: Archebase_DataGateway_V1_StorageObject { + get {_object ?? Archebase_DataGateway_V1_StorageObject()} + set {_object = newValue} + } + /// Returns true if `object` has been explicitly set. + public var hasObject: Bool {self._object != nil} + /// Clears the value of `object`. Subsequent reads from it will return its default value. + public mutating func clearObject() {self._object = nil} + + /// Maximum number of bytes the caller is willing to receive. + public var maxBytes: Int64 = 0 + + /// Allowed response content types. Empty means no content-type constraint. + public var allowedContentTypes: [String] = [] + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _object: Archebase_DataGateway_V1_StorageObject? = nil +} + +/// Returns bytes and metadata for one backend-only object read. +public struct Archebase_DataGateway_V1_ReadObjectResponse: Sendable { + // SwiftProtobuf.Message conformance is added in an extension below. See the + // `Message` and `Message+*Additions` files in the SwiftProtobuf library for + // methods supported on all messages. + + /// Object that was read. + public var object: Archebase_DataGateway_V1_StorageObject { + get {_object ?? Archebase_DataGateway_V1_StorageObject()} + set {_object = newValue} + } + /// Returns true if `object` has been explicitly set. + public var hasObject: Bool {self._object != nil} + /// Clears the value of `object`. Subsequent reads from it will return its default value. + public mutating func clearObject() {self._object = nil} + + /// Full object content. The service rejects objects larger than max_bytes. + public var content: Data = Data() + + /// Object content type, if known. + public var contentType: String = String() + + /// Object entity tag, if known. + public var etag: String = String() + + public var unknownFields = SwiftProtobuf.UnknownStorage() + + public init() {} + + fileprivate var _object: Archebase_DataGateway_V1_StorageObject? = nil +} + // MARK: - Code below here is support for the SwiftProtobuf runtime. fileprivate let _protobuf_package = "archebase.data_gateway.v1" @@ -1266,7 +1343,7 @@ extension Archebase_DataGateway_V1_InitDeviceResponse: SwiftProtobuf.Message, Sw extension Archebase_DataGateway_V1_UploadCredentials: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { public static let protoMessageName: String = _protobuf_package + ".UploadCredentials" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}bucket\0\u{1}endpoint\0\u{3}object_key\0\u{3}sts_access_key_id\0\u{3}sts_access_key_secret\0\u{3}sts_security_token\0\u{3}sts_expire_at_unix\0\u{3}part_size_bytes\0") + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}bucket\0\u{1}endpoint\0\u{3}object_key\0\u{3}sts_access_key_id\0\u{3}sts_access_key_secret\0\u{3}sts_security_token\0\u{3}sts_expire_at_unix\0\u{3}part_size_bytes\0\u{3}object_store_backend\0\u{3}object_store_region\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -1282,6 +1359,8 @@ extension Archebase_DataGateway_V1_UploadCredentials: SwiftProtobuf.Message, Swi case 6: try { try decoder.decodeSingularStringField(value: &self.stsSecurityToken) }() case 7: try { try decoder.decodeSingularInt64Field(value: &self.stsExpireAtUnix) }() case 8: try { try decoder.decodeSingularInt64Field(value: &self.partSizeBytes) }() + case 9: try { try decoder.decodeSingularStringField(value: &self.objectStoreBackend) }() + case 10: try { try decoder.decodeSingularStringField(value: &self.objectStoreRegion) }() default: break } } @@ -1312,6 +1391,12 @@ extension Archebase_DataGateway_V1_UploadCredentials: SwiftProtobuf.Message, Swi if self.partSizeBytes != 0 { try visitor.visitSingularInt64Field(value: self.partSizeBytes, fieldNumber: 8) } + if !self.objectStoreBackend.isEmpty { + try visitor.visitSingularStringField(value: self.objectStoreBackend, fieldNumber: 9) + } + if !self.objectStoreRegion.isEmpty { + try visitor.visitSingularStringField(value: self.objectStoreRegion, fieldNumber: 10) + } try unknownFields.traverse(visitor: &visitor) } @@ -1324,6 +1409,8 @@ extension Archebase_DataGateway_V1_UploadCredentials: SwiftProtobuf.Message, Swi if lhs.stsSecurityToken != rhs.stsSecurityToken {return false} if lhs.stsExpireAtUnix != rhs.stsExpireAtUnix {return false} if lhs.partSizeBytes != rhs.partSizeBytes {return false} + if lhs.objectStoreBackend != rhs.objectStoreBackend {return false} + if lhs.objectStoreRegion != rhs.objectStoreRegion {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } @@ -1679,7 +1766,7 @@ extension Archebase_DataGateway_V1_AbortUploadResponse: SwiftProtobuf.Message, S extension Archebase_DataGateway_V1_CompleteUploadRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { public static let protoMessageName: String = _protobuf_package + ".CompleteUploadRequest" - public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}upload_id\0\u{3}file_size\0\u{3}raw_tags\0\u{3}completed_part_count\0\u{3}oss_object_etag\0") + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{3}upload_id\0\u{3}file_size\0\u{3}raw_tags\0\u{3}completed_part_count\0\u{3}oss_object_etag\0\u{3}part_size_bytes\0") public mutating func decodeMessage(decoder: inout D) throws { while let fieldNumber = try decoder.nextFieldNumber() { @@ -1692,6 +1779,7 @@ extension Archebase_DataGateway_V1_CompleteUploadRequest: SwiftProtobuf.Message, case 3: try { try decoder.decodeMapField(fieldType: SwiftProtobuf._ProtobufMap.self, value: &self.rawTags) }() case 4: try { try decoder.decodeSingularInt32Field(value: &self.completedPartCount) }() case 5: try { try decoder.decodeSingularStringField(value: &self.ossObjectEtag) }() + case 6: try { try decoder.decodeSingularInt64Field(value: &self.partSizeBytes) }() default: break } } @@ -1713,6 +1801,9 @@ extension Archebase_DataGateway_V1_CompleteUploadRequest: SwiftProtobuf.Message, if !self.ossObjectEtag.isEmpty { try visitor.visitSingularStringField(value: self.ossObjectEtag, fieldNumber: 5) } + if self.partSizeBytes != 0 { + try visitor.visitSingularInt64Field(value: self.partSizeBytes, fieldNumber: 6) + } try unknownFields.traverse(visitor: &visitor) } @@ -1722,6 +1813,7 @@ extension Archebase_DataGateway_V1_CompleteUploadRequest: SwiftProtobuf.Message, if lhs.rawTags != rhs.rawTags {return false} if lhs.completedPartCount != rhs.completedPartCount {return false} if lhs.ossObjectEtag != rhs.ossObjectEtag {return false} + if lhs.partSizeBytes != rhs.partSizeBytes {return false} if lhs.unknownFields != rhs.unknownFields {return false} return true } @@ -2604,3 +2696,96 @@ extension Archebase_DataGateway_V1_PresignObjectResponse: SwiftProtobuf.Message, return true } } + +extension Archebase_DataGateway_V1_ReadObjectRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".ReadObjectRequest" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}object\0\u{3}max_bytes\0\u{3}allowed_content_types\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularMessageField(value: &self._object) }() + case 2: try { try decoder.decodeSingularInt64Field(value: &self.maxBytes) }() + case 3: try { try decoder.decodeRepeatedStringField(value: &self.allowedContentTypes) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + try { if let v = self._object { + try visitor.visitSingularMessageField(value: v, fieldNumber: 1) + } }() + if self.maxBytes != 0 { + try visitor.visitSingularInt64Field(value: self.maxBytes, fieldNumber: 2) + } + if !self.allowedContentTypes.isEmpty { + try visitor.visitRepeatedStringField(value: self.allowedContentTypes, fieldNumber: 3) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Archebase_DataGateway_V1_ReadObjectRequest, rhs: Archebase_DataGateway_V1_ReadObjectRequest) -> Bool { + if lhs._object != rhs._object {return false} + if lhs.maxBytes != rhs.maxBytes {return false} + if lhs.allowedContentTypes != rhs.allowedContentTypes {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} + +extension Archebase_DataGateway_V1_ReadObjectResponse: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding { + public static let protoMessageName: String = _protobuf_package + ".ReadObjectResponse" + public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}object\0\u{1}content\0\u{3}content_type\0\u{1}etag\0") + + public mutating func decodeMessage(decoder: inout D) throws { + while let fieldNumber = try decoder.nextFieldNumber() { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every case branch when no optimizations are + // enabled. https://github.com/apple/swift-protobuf/issues/1034 + switch fieldNumber { + case 1: try { try decoder.decodeSingularMessageField(value: &self._object) }() + case 2: try { try decoder.decodeSingularBytesField(value: &self.content) }() + case 3: try { try decoder.decodeSingularStringField(value: &self.contentType) }() + case 4: try { try decoder.decodeSingularStringField(value: &self.etag) }() + default: break + } + } + } + + public func traverse(visitor: inout V) throws { + // The use of inline closures is to circumvent an issue where the compiler + // allocates stack space for every if/case branch local when no optimizations + // are enabled. https://github.com/apple/swift-protobuf/issues/1034 and + // https://github.com/apple/swift-protobuf/issues/1182 + try { if let v = self._object { + try visitor.visitSingularMessageField(value: v, fieldNumber: 1) + } }() + if !self.content.isEmpty { + try visitor.visitSingularBytesField(value: self.content, fieldNumber: 2) + } + if !self.contentType.isEmpty { + try visitor.visitSingularStringField(value: self.contentType, fieldNumber: 3) + } + if !self.etag.isEmpty { + try visitor.visitSingularStringField(value: self.etag, fieldNumber: 4) + } + try unknownFields.traverse(visitor: &visitor) + } + + public static func ==(lhs: Archebase_DataGateway_V1_ReadObjectResponse, rhs: Archebase_DataGateway_V1_ReadObjectResponse) -> Bool { + if lhs._object != rhs._object {return false} + if lhs.content != rhs.content {return false} + if lhs.contentType != rhs.contentType {return false} + if lhs.etag != rhs.etag {return false} + if lhs.unknownFields != rhs.unknownFields {return false} + return true + } +} diff --git a/Sources/DataGatewayClient/FilePreparation.swift b/Sources/DataGatewayClient/FilePreparation.swift index f858c31..b98ef39 100644 --- a/Sources/DataGatewayClient/FilePreparation.swift +++ b/Sources/DataGatewayClient/FilePreparation.swift @@ -821,7 +821,8 @@ package protocol UploadCoordinatorGatewayClient: Sendable { fileSize: Int64, rawTags: [String: String], completedPartCount: Int32, - ossObjectEtag: String + ossObjectEtag: String, + partSizeBytes: Int64 ) async throws -> Archebase_DataGateway_V1_CompleteUploadResponse } @@ -986,7 +987,8 @@ public actor UploadCoordinator { fileSize: Int64(preparedFile.fileSize), rawTags: request.rawTags, completedPartCount: Int32(uploadedDescriptors.count), - ossObjectEtag: ossObjectETag + ossObjectEtag: ossObjectETag, + partSizeBytes: createResponse.credentials.partSizeBytes ) let completedAt = await self.dependencies.clock.now() @@ -1220,7 +1222,8 @@ public actor UploadCoordinator { fileSize: Int64(resumedState.fileSize), rawTags: resumedState.rawTags, completedPartCount: Int32(uploadedDescriptors.count), - ossObjectEtag: ossObjectETag + ossObjectEtag: ossObjectETag, + partSizeBytes: Int64(resumedState.partSizeBytes) ) resumedState.phase = .businessCompleting @@ -1295,7 +1298,8 @@ public actor UploadCoordinator { fileSize: Int64(resumedState.fileSize), rawTags: resumedState.rawTags, completedPartCount: Int32(resumedState.uploadedParts.count), - ossObjectEtag: remoteETag + ossObjectEtag: remoteETag, + partSizeBytes: Int64(resumedState.partSizeBytes) ) resumedState.phase = .businessCompleting @@ -1422,7 +1426,8 @@ public actor UploadCoordinator { fileSize: Int64(restartedState.fileSize), rawTags: restartedState.rawTags, completedPartCount: Int32(uploadedDescriptors.count), - ossObjectEtag: ossObjectETag + ossObjectEtag: ossObjectETag, + partSizeBytes: Int64(restartedState.partSizeBytes) ) restartedState.phase = .businessCompleting @@ -1823,7 +1828,7 @@ package struct AnyUploadCoordinatorGatewayClient: UploadCoordinatorGatewayClient private let getUploadRecoveryHandler: @Sendable (String) async throws -> Archebase_DataGateway_V1_GetUploadRecoveryResponse private let reissueUploadCredentialsHandler: @Sendable (String) async throws -> Archebase_DataGateway_V1_ReissueUploadCredentialsResponse private let abortUploadHandler: @Sendable (String, String) async throws -> Archebase_DataGateway_V1_AbortUploadResponse - private let completeUploadHandler: @Sendable (String, Int64, [String: String], Int32, String) async throws -> Archebase_DataGateway_V1_CompleteUploadResponse + private let completeUploadHandler: @Sendable (String, Int64, [String: String], Int32, String, Int64) async throws -> Archebase_DataGateway_V1_CompleteUploadResponse package init( authProvider: CredentialAuthProvider, @@ -1867,14 +1872,15 @@ package struct AnyUploadCoordinatorGatewayClient: UploadCoordinatorGatewayClient throw ControlPlaneErrorMapper.map(error) } } - self.completeUploadHandler = { uploadID, fileSize, rawTags, completedPartCount, ossObjectEtag in + self.completeUploadHandler = { uploadID, fileSize, rawTags, completedPartCount, ossObjectEtag, partSizeBytes in do { return try await retryingClient.completeUpload( uploadID: uploadID, fileSize: fileSize, rawTags: rawTags, completedPartCount: completedPartCount, - ossObjectEtag: ossObjectEtag + ossObjectEtag: ossObjectEtag, + partSizeBytes: partSizeBytes ) } catch { throw ControlPlaneErrorMapper.map(error) @@ -1913,9 +1919,10 @@ package struct AnyUploadCoordinatorGatewayClient: UploadCoordinatorGatewayClient fileSize: Int64, rawTags: [String : String], completedPartCount: Int32, - ossObjectEtag: String + ossObjectEtag: String, + partSizeBytes: Int64 ) async throws -> Archebase_DataGateway_V1_CompleteUploadResponse { - try await self.completeUploadHandler(uploadID, fileSize, rawTags, completedPartCount, ossObjectEtag) + try await self.completeUploadHandler(uploadID, fileSize, rawTags, completedPartCount, ossObjectEtag, partSizeBytes) } } diff --git a/Tests/DGWAuthTests/CredentialAuthProviderTests.swift b/Tests/DGWAuthTests/CredentialAuthProviderTests.swift index bc55b68..7013765 100644 --- a/Tests/DGWAuthTests/CredentialAuthProviderTests.swift +++ b/Tests/DGWAuthTests/CredentialAuthProviderTests.swift @@ -209,8 +209,6 @@ private func makeResponse( response.accessToken = accessToken response.expiresAtUnix = expiresAtUnix response.tokenType = tokenType - response.keyID = "key-1" - response.keyPrefix = "ak_demo" return response } diff --git a/Tests/DGWControlPlaneTests/ControlPlaneTransportTests.swift b/Tests/DGWControlPlaneTests/ControlPlaneTransportTests.swift index a64fc95..6a362e4 100644 --- a/Tests/DGWControlPlaneTests/ControlPlaneTransportTests.swift +++ b/Tests/DGWControlPlaneTests/ControlPlaneTransportTests.swift @@ -74,6 +74,7 @@ import GRPCCore rawTags: ["scene": "robot"], completedPartCount: 3, ossObjectEtag: "\"etag-1\"", + partSizeBytes: 64 * 1024 * 1024, authorizationHeader: "Bearer token-1" ) @@ -90,7 +91,7 @@ import GRPCCore #expect(invocations[3].method == "AbortUpload") #expect(invocations[3].requestSummary == "logical-1:aborted by client") #expect(invocations[4].method == "CompleteUpload") - #expect(invocations[4].requestSummary == "upload-1:128:3:\"etag-1\"") + #expect(invocations[4].requestSummary == "upload-1:128:3:\"etag-1\":67108864") } @Test func deviceInitTransportBuildsRequestWithoutAuthorization() async throws { @@ -294,7 +295,7 @@ private actor GatewayServiceClientStub: Archebase_DataGateway_V1_DataGatewayServ options: CallOptions, onResponse handleResponse: @Sendable @escaping (ClientResponse) async throws -> Result ) async throws -> Result where Result : Sendable { - let summary = "\(request.message.uploadID):\(request.message.fileSize):\(request.message.completedPartCount):\(request.message.ossObjectEtag)" + let summary = "\(request.message.uploadID):\(request.message.fileSize):\(request.message.completedPartCount):\(request.message.ossObjectEtag):\(request.message.partSizeBytes)" self.record(method: "CompleteUpload", metadata: request.metadata, timeout: options.timeout, requestSummary: summary) return try await handleResponse(ClientResponse(message: Archebase_DataGateway_V1_CompleteUploadResponse())) diff --git a/Tests/DGWControlPlaneTests/RetryExecutorTests.swift b/Tests/DGWControlPlaneTests/RetryExecutorTests.swift index 72ed800..51e2da4 100644 --- a/Tests/DGWControlPlaneTests/RetryExecutorTests.swift +++ b/Tests/DGWControlPlaneTests/RetryExecutorTests.swift @@ -247,6 +247,7 @@ private actor MockGatewayClient: GatewayControlPlaneClientProtocol { rawTags: [String : String], completedPartCount: Int32, ossObjectEtag: String, + partSizeBytes: Int64, authorizationHeader: String ) async throws -> Archebase_DataGateway_V1_CompleteUploadResponse { guard case .complete(let result) = self.results.removeFirst() else { diff --git a/Tests/DataGatewayClientIntegrationTests/ArchebaseConfigClientTests.swift b/Tests/DataGatewayClientIntegrationTests/ArchebaseConfigClientTests.swift index 460ccf3..943f9b7 100644 --- a/Tests/DataGatewayClientIntegrationTests/ArchebaseConfigClientTests.swift +++ b/Tests/DataGatewayClientIntegrationTests/ArchebaseConfigClientTests.swift @@ -223,7 +223,8 @@ private actor RecordingGatewayClient: UploadCoordinatorGatewayClient { fileSize: Int64, rawTags: [String : String], completedPartCount: Int32, - ossObjectEtag: String + ossObjectEtag: String, + partSizeBytes: Int64 ) async throws -> Archebase_DataGateway_V1_CompleteUploadResponse { self.completedRawTags = rawTags return Archebase_DataGateway_V1_CompleteUploadResponse() diff --git a/Tests/DataGatewayClientIntegrationTests/UploadCoordinatorTests.swift b/Tests/DataGatewayClientIntegrationTests/UploadCoordinatorTests.swift index 63555fc..10b83a9 100644 --- a/Tests/DataGatewayClientIntegrationTests/UploadCoordinatorTests.swift +++ b/Tests/DataGatewayClientIntegrationTests/UploadCoordinatorTests.swift @@ -297,12 +297,13 @@ import Testing fileSize: Int64(result.fileSize), rawTags: completedRawTags, completedPartCount: 1, - ossObjectEtag: result.ossObjectETag + ossObjectEtag: result.ossObjectETag, + partSizeBytes: 12 ) #expect(await gatewayClient.completeInvocations() == [ - CompleteInvocation(uploadID: "upload-idempotent", fileSize: 12, rawTags: completedRawTags, completedPartCount: 1, ossObjectEtag: "\"etag-object\""), - CompleteInvocation(uploadID: "upload-idempotent", fileSize: 12, rawTags: completedRawTags, completedPartCount: 1, ossObjectEtag: "\"etag-object\""), + CompleteInvocation(uploadID: "upload-idempotent", fileSize: 12, rawTags: completedRawTags, completedPartCount: 1, ossObjectEtag: "\"etag-object\"", partSizeBytes: 12), + CompleteInvocation(uploadID: "upload-idempotent", fileSize: 12, rawTags: completedRawTags, completedPartCount: 1, ossObjectEtag: "\"etag-object\"", partSizeBytes: 12), ]) } @@ -439,7 +440,8 @@ import Testing fileSize: Int64(payload.count), rawTags: ["scene": "robot"], completedPartCount: 1, - ossObjectEtag: "\"etag-object\"" + ossObjectEtag: "\"etag-object\"", + partSizeBytes: 64 * 1024 * 1024 ), ]) #expect(await ossSession.uploadCalls() == [UploadCall(multipartUploadID: "multipart-1", partNumber: 1, size: payload.count)]) @@ -571,7 +573,8 @@ import Testing fileSize: 24, rawTags: sourceFileNameRawTags(fileName: "demo-multipart.bin"), completedPartCount: 3, - ossObjectEtag: "\"etag-multipart-object\"" + ossObjectEtag: "\"etag-multipart-object\"", + partSizeBytes: 8 ), ]) let completedState = try await stateStore.loadSnapshot(logicalUploadID: "logical-1") @@ -885,7 +888,8 @@ import Testing fileSize: 24, rawTags: ["scene": "robot"], completedPartCount: 3, - ossObjectEtag: "\"etag-resume-object\"" + ossObjectEtag: "\"etag-resume-object\"", + partSizeBytes: 8 ), ]) let completedState = try await stateStore.loadSnapshot(logicalUploadID: "logical-resume") @@ -1537,7 +1541,8 @@ import Testing fileSize: 16, rawTags: ["scene": "robot"], completedPartCount: 2, - ossObjectEtag: "\"etag-head-match\"" + ossObjectEtag: "\"etag-head-match\"", + partSizeBytes: 8 ), ]) } @@ -2094,7 +2099,8 @@ private actor MockUploadCoordinatorGatewayClient: UploadCoordinatorGatewayClient fileSize: Int64, rawTags: [String : String], completedPartCount: Int32, - ossObjectEtag: String + ossObjectEtag: String, + partSizeBytes: Int64 ) async throws -> Archebase_DataGateway_V1_CompleteUploadResponse { self.completeCalls.append( CompleteInvocation( @@ -2102,7 +2108,8 @@ private actor MockUploadCoordinatorGatewayClient: UploadCoordinatorGatewayClient fileSize: fileSize, rawTags: rawTags, completedPartCount: completedPartCount, - ossObjectEtag: ossObjectEtag + ossObjectEtag: ossObjectEtag, + partSizeBytes: partSizeBytes ) ) if let completeError { @@ -2311,6 +2318,7 @@ private struct CompleteInvocation: Equatable, Sendable { let rawTags: [String: String] let completedPartCount: Int32 let ossObjectEtag: String + let partSizeBytes: Int64 } private func sourceFileNameRawTags(fileName: String) -> [String: String] { diff --git a/protos/auth.proto b/protos/auth.proto index c038bcb..974a494 100644 --- a/protos/auth.proto +++ b/protos/auth.proto @@ -37,18 +37,22 @@ service AdminAuthService { returns (UpdateSiteResponse); rpc DeleteSite(DeleteSiteRequest) returns (DeleteSiteResponse); - rpc CreateApiKey(CreateApiKeyRequest) - returns (CreateApiKeyResponse); + rpc CreateSiteApiKey(CreateSiteApiKeyRequest) + returns (CreateSiteApiKeyResponse); + rpc CreateOrRotateDeviceApiKey(CreateOrRotateDeviceApiKeyRequest) + returns (CreateOrRotateDeviceApiKeyResponse); rpc GetApiKey(GetApiKeyRequest) returns (GetApiKeyResponse); rpc ListApiKeys(ListApiKeysRequest) returns (ListApiKeysResponse); + rpc UpdateApiKey(UpdateApiKeyRequest) + returns (UpdateApiKeyResponse); rpc EnableApiKey(EnableApiKeyRequest) returns (EnableApiKeyResponse); rpc DisableApiKey(DisableApiKeyRequest) returns (DisableApiKeyResponse); - rpc UpdateApiKey(UpdateApiKeyRequest) - returns (UpdateApiKeyResponse); + rpc RotateApiKeySecret(RotateApiKeySecretRequest) + returns (RotateApiKeySecretResponse); rpc DeleteApiKey(DeleteApiKeyRequest) returns (DeleteApiKeyResponse); rpc CreateOrganization(CreateOrganizationRequest) @@ -77,15 +81,14 @@ service UserAuthService { } message ExchangeCredentialRequest { - string credential_base64 = 1; + string credential = 1; } message ExchangeCredentialResponse { string access_token = 1; int64 expires_at_unix = 2; string token_type = 3; - string key_id = 4; - string key_prefix = 5; + ApiKeyPrincipal principal = 4; } message LoginRequest { @@ -128,44 +131,34 @@ message ExchangeSystemCredentialResponse { string user_name = 5; } -enum UserRole { - USER_ROLE_UNSPECIFIED = 0; - USER_ROLE_ADMINISTRATORS = 1; - USER_ROLE_NORMAL_USERS = 2; -} - -// Business identity, orthogonal to UserRole (privilege). See -// docs/design/abac-design.md §3. Service accounts always carry -// USER_CLASS_UNSPECIFIED; every HUMAN user must have one of the -// concrete classes per ck_users_admin_class_consistency / -// ck_users_normal_class_consistency / ck_users_service_account_class -// in migration 0018. -enum UserClass { - USER_CLASS_UNSPECIFIED = 0; - USER_CLASS_SYSTEM_ADMIN = 1; - USER_CLASS_ORG_ADMIN = 2; - USER_CLASS_ANNOTATOR = 3; - USER_CLASS_REVIEWER = 4; - USER_CLASS_VIEWER = 5; -} - message User { string organization = 1; string user_name = 2; - UserRole role = 3; + // Cedar-era role string. The single source of truth for a + // HUMAN user's authorization identity. SERVICE_ACCOUNT + // principals may leave this empty or carry a `system_sa_*` + // identity role; a synthetic `system_service_account` role is + // injected at PIP time, see `common/src/abac/subject.rs`. + string role = 3; google.protobuf.Timestamp last_login_at = 4; google.protobuf.Timestamp created_at = 5; google.protobuf.Timestamp updated_at = 6; - UserClass user_class = 7; int64 organization_id = 8; int64 user_id = 9; } +enum OrganizationKind { + ORGANIZATION_KIND_UNSPECIFIED = 0; + ORGANIZATION_KIND_BUSINESS = 1; + ORGANIZATION_KIND_SYSTEM = 2; +} + message Organization { string organization = 1; string display_name = 2; google.protobuf.Timestamp created_at = 3; google.protobuf.Timestamp updated_at = 4; + OrganizationKind organization_kind = 5; } message Site { @@ -176,13 +169,34 @@ message Site { google.protobuf.Timestamp updated_at = 5; } -message ApiKey { +enum ApiKeyOwnerKind { + API_KEY_OWNER_KIND_UNSPECIFIED = 0; + API_KEY_OWNER_KIND_SITE = 1; + API_KEY_OWNER_KIND_DEVICE = 2; +} + +enum DeviceApiKeyMutationMode { + DEVICE_API_KEY_MUTATION_MODE_UNSPECIFIED = 0; + DEVICE_API_KEY_MUTATION_MODE_CREATE_ONLY = 1; + DEVICE_API_KEY_MUTATION_MODE_ROTATE_ONLY = 2; +} + +message ApiKeyPrincipal { int64 site_id = 1; - string key_id = 2; - string key_prefix = 3; - int32 status = 4; - google.protobuf.Timestamp expired_at = 5; - google.protobuf.Timestamp last_used_at = 6; + string api_key_id = 2; + string key_name = 3; + ApiKeyOwnerKind owner_kind = 4; + string device_id = 5; + string suite_id = 6; +} + +message ApiKey { + string api_key_id = 1; + string key_name = 2; + int32 status = 3; + google.protobuf.Timestamp expired_at = 4; + google.protobuf.Timestamp last_used_at = 5; + ApiKeyPrincipal principal = 6; } message CreateSiteRequest { @@ -240,22 +254,33 @@ message DeleteSiteRequest { message DeleteSiteResponse {} -message CreateApiKeyRequest { +message CreateSiteApiKeyRequest { int64 site_id = 1; - string key_id = 2; - string key_prefix = 3; - int32 status = 4; - google.protobuf.Timestamp expired_at = 5; - bool rotate_if_exists = 6; + string key_name = 2; + int32 status = 3; + google.protobuf.Timestamp expired_at = 4; +} + +message CreateSiteApiKeyResponse { + ApiKey api_key = 1; + string credential = 2; +} + +message CreateOrRotateDeviceApiKeyRequest { + string device_id = 1; + string key_name = 2; + int32 status = 3; + google.protobuf.Timestamp expired_at = 4; + DeviceApiKeyMutationMode mutation_mode = 5; } -message CreateApiKeyResponse { - string credential_base64 = 1; +message CreateOrRotateDeviceApiKeyResponse { + ApiKey api_key = 1; + string credential = 2; } message GetApiKeyRequest { - int64 site_id = 1; - string key_id = 2; + string api_key_id = 1; } message GetApiKeyResponse { @@ -263,7 +288,10 @@ message GetApiKeyResponse { } message ListApiKeysRequest { + // Use 0 to list API keys across all sites. int64 site_id = 1; + ApiKeyOwnerKind owner_kind = 2; + string device_id = 3; } message ListApiKeysResponse { @@ -271,8 +299,7 @@ message ListApiKeysResponse { } message EnableApiKeyRequest { - int64 site_id = 1; - string key_id = 2; + string api_key_id = 1; } message EnableApiKeyResponse { @@ -280,8 +307,7 @@ message EnableApiKeyResponse { } message DisableApiKeyRequest { - int64 site_id = 1; - string key_id = 2; + string api_key_id = 1; } message DisableApiKeyResponse { @@ -289,22 +315,28 @@ message DisableApiKeyResponse { } message UpdateApiKeyRequest { - int64 site_id = 1; - string key_id = 2; - optional string key_prefix = 3; - optional string site_secret = 4; - optional int32 status = 5; - google.protobuf.Timestamp expired_at = 6; - bool clear_expired_at = 7; + string api_key_id = 1; + optional string key_name = 2; + optional int32 status = 3; + google.protobuf.Timestamp expired_at = 4; + bool clear_expired_at = 5; } message UpdateApiKeyResponse { ApiKey api_key = 1; } +message RotateApiKeySecretRequest { + string api_key_id = 1; +} + +message RotateApiKeySecretResponse { + ApiKey api_key = 1; + string credential = 2; +} + message DeleteApiKeyRequest { - int64 site_id = 1; - string key_id = 2; + string api_key_id = 1; } message DeleteApiKeyResponse {} @@ -353,12 +385,13 @@ message DeleteOrganizationResponse {} message CreateUserRequest { string user_name = 1; string password = 2; - UserRole role = 3; - // Required for HUMAN users; service accounts carry - // USER_CLASS_UNSPECIFIED implicitly. Server validates the - // (role, account_kind, user_class) tuple per - // docs/design/abac-design.md §3.3. - UserClass user_class = 4; + // Cedar role. Required and non-empty for HUMAN users. + // SERVICE_ACCOUNT principals may leave this empty or carry a + // `system_sa_*` identity role; the PIP always injects + // `system_service_account` at runtime. Server rejects unknown + // non-empty role names with `META_ROLE_UNKNOWN`, and refuses the + // call if the role is not present in `roles`. + string role = 3; } message CreateUserResponse { @@ -382,12 +415,11 @@ message ListUsersResponse { message UpdateUserRequest { string user_name = 1; optional string password = 2; - optional UserRole role = 3; - // Optional: change the business identity. Server rejects the - // update if the resulting (role, account_kind, user_class) tuple - // violates the consistency constraints in - // docs/design/abac-design.md §3.3. - optional UserClass user_class = 4; + // Optional: change the Cedar role. Server rejects the update + // if `role` is not registered, or if `min_required_holders` + // would be breached by demoting the last holder of a critical + // role. + optional string role = 3; } message UpdateUserResponse { diff --git a/protos/data_gateway.proto b/protos/data_gateway.proto index 4d4b705..b381551 100644 --- a/protos/data_gateway.proto +++ b/protos/data_gateway.proto @@ -2,9 +2,10 @@ syntax = "proto3"; package archebase.data_gateway.v1; -import "common.proto"; - service DataGatewayService { + // Upload RPCs are scoped exclusively by the bearer API-key principal + // stamped by the public interceptor. Clients never send site_id or any + // other owner identifier on this surface. rpc CreateLogicalUpload(CreateLogicalUploadRequest) returns (CreateLogicalUploadResponse); rpc GetUploadRecovery(GetUploadRecoveryRequest) @@ -67,6 +68,8 @@ message InitDeviceRequest { } // Request sent by SDKs when explicitly rotating an existing upload API key. +// This currently mirrors InitDeviceRequest, but remains a separate message so +// reinit-only fields can be added without changing first-time init semantics. message ReinitDeviceRequest { // Bare platform-assigned device identifier provided by the operator. string device_id = 1; @@ -78,7 +81,7 @@ message ReinitDeviceRequest { // Response persisted by SDKs into archebase-config.json. message InitDeviceResponse { - // Base64-encoded credential returned by auth and used for later uploads. + // Opaque credential returned by auth and used for later uploads. string api_key = 1; // Platform-approved device tags replayed on every subsequent upload. map tags = 2; @@ -90,6 +93,8 @@ message InitDeviceResponse { service InternalStorageService { // Generates presigned access for a single object. rpc PresignObject(PresignObjectRequest) returns (PresignObjectResponse); + // Reads a bounded object payload for backend-only callers. + rpc ReadObject(ReadObjectRequest) returns (ReadObjectResponse); } message UploadCredentials { @@ -101,6 +106,8 @@ message UploadCredentials { string sts_security_token = 6; int64 sts_expire_at_unix = 7; int64 part_size_bytes = 8; + string object_store_backend = 9; + string object_store_region = 10; } enum UploadRecoveryAction { @@ -177,6 +184,10 @@ message CompleteUploadRequest { map raw_tags = 3; int32 completed_part_count = 4; string oss_object_etag = 5; + // Upload part size issued by data-gateway for this upload session. + // New SDKs echo it back so completion validation remains stable if + // gateway config changes between credential issuance and completion. + int64 part_size_bytes = 6; } message CompleteUploadResponse {} @@ -438,6 +449,28 @@ message PresignObjectResponse { int64 expires_at_unix = 4; } +// Requests a bounded backend-only object read. +message ReadObjectRequest { + // Object to read. + StorageObject object = 1; + // Maximum number of bytes the caller is willing to receive. + int64 max_bytes = 2; + // Allowed response content types. Empty means no content-type constraint. + repeated string allowed_content_types = 3; +} + +// Returns bytes and metadata for one backend-only object read. +message ReadObjectResponse { + // Object that was read. + StorageObject object = 1; + // Full object content. The service rejects objects larger than max_bytes. + bytes content = 2; + // Object content type, if known. + string content_type = 3; + // Object entity tag, if known. + string etag = 4; +} + enum DataGatewayErrorCode { DATA_GATEWAY_ERROR_CODE_UNSPECIFIED = 0; DATA_GATEWAY_ERROR_CODE_UNAUTHENTICATED = 1;