diff --git a/apis/authentication/v1alpha1/authentication.proto b/apis/authentication/v1alpha1/authentication.proto new file mode 100644 index 0000000..3b2e146 --- /dev/null +++ b/apis/authentication/v1alpha1/authentication.proto @@ -0,0 +1,60 @@ +// Public API for resolving the identity associated with an authenticated request. + +edition = "2023"; + +package authentication.v1alpha1; + +import "buf/validate/validate.proto"; +import "tilebox/v1/id.proto"; + +option features.field_presence = IMPLICIT; + +// User is the Tilebox user associated with an authenticated request. +message User { + // The user's Tilebox ID. + tilebox.v1.ID id = 1 [(buf.validate.field).required = true]; + // The user's display name. + string name = 2; + // The user's email address. + string email = 3; +} + +// Organization is the Tilebox organization associated with an authenticated request. +message Organization { + // The organization's Tilebox ID. + tilebox.v1.ID id = 1 [(buf.validate.field).required = true]; + // The organization's display name. + string name = 2; + // The organization's unique slug. + string slug = 3; +} + +// APIKey identifies an API key without exposing its secret. +message APIKey { + // The API key's Tilebox ID. + tilebox.v1.ID id = 1 [(buf.validate.field).required = true]; + // The non-secret identifier embedded in the API key. + string identifier = 2; + // The API key's user-provided description. + string description = 3; +} + +// GetAuthenticationStatusRequest requests the identity associated with the calling credential. +message GetAuthenticationStatusRequest {} + +// AuthenticationStatus describes the identity associated with the calling credential. +message AuthenticationStatus { + // The authenticated user. + User user = 1 [(buf.validate.field).required = true]; + // The organization the request acts within. + Organization organization = 2 [(buf.validate.field).required = true]; + // The API key used to authenticate the request. Unset for JWT or session authentication. + APIKey api_key = 3; +} + +// AuthenticationService exposes information about the effective authentication of a request. +service AuthenticationService { + // GetAuthenticationStatus resolves the calling credential to its effective user and organization. + // Requests without valid authentication fail with UNAUTHENTICATED. + rpc GetAuthenticationStatus(GetAuthenticationStatusRequest) returns (AuthenticationStatus) {} +} diff --git a/apis/datasets/stac/v1/processing.proto b/apis/datasets/stac/v1/processing.proto index 0d092f6..640693b 100644 --- a/apis/datasets/stac/v1/processing.proto +++ b/apis/datasets/stac/v1/processing.proto @@ -11,5 +11,9 @@ option features.field_presence = IMPLICIT; // ProcessingSoftware maps each application or library name to its version, tag, commit, or equivalent identifier. message ProcessingSoftware { - map versions = 1 [(buf.validate.field).map = {keys: {string: {min_len: 1}}}]; + map versions = 1 [(buf.validate.field).map = { + keys: { + string: {min_len: 1} + } + }]; } diff --git a/apis/tilebox/v1/id.proto b/apis/tilebox/v1/id.proto index bd07585..7432782 100644 --- a/apis/tilebox/v1/id.proto +++ b/apis/tilebox/v1/id.proto @@ -10,8 +10,7 @@ option features.field_presence = IMPLICIT; message ID { bytes uuid = 1 [(buf.validate.field).bytes = { len: 16 - not_in: [ - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" // Nil UUID - ] + // Nil UUID. + not_in: ["\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"] }]; } diff --git a/apis/workflows/v1/core.proto b/apis/workflows/v1/core.proto index 8f90547..358a422 100644 --- a/apis/workflows/v1/core.proto +++ b/apis/workflows/v1/core.proto @@ -261,7 +261,9 @@ message TaskSubmissionGroup { // to enable packed encoding of the repeated fields. repeated bytes inputs = 2 [(buf.validate.field).repeated = { min_items: 1 // we don't allow empty submission groups - items: {bytes: {max_len: 2048}} + items: { + bytes: {max_len: 2048} + } }]; // Index of the task identifier in the identifier_lookup field of the containing TaskSubmissions message // for each task. diff --git a/apis/workflows/v1/job.proto b/apis/workflows/v1/job.proto index cc691f5..b4de968 100644 --- a/apis/workflows/v1/job.proto +++ b/apis/workflows/v1/job.proto @@ -5,8 +5,6 @@ edition = "2023"; package workflows.v1; import "buf/validate/validate.proto"; -import "opentelemetry/proto/logs/v1/logs.proto"; -import "opentelemetry/proto/trace/v1/trace.proto"; import "tilebox/v1/id.proto"; import "tilebox/v1/query.proto"; import "workflows/v1/core.proto"; diff --git a/apis/workflows/v1/telemetry.proto b/apis/workflows/v1/telemetry.proto index 7018fe4..6c6e50e 100644 --- a/apis/workflows/v1/telemetry.proto +++ b/apis/workflows/v1/telemetry.proto @@ -3,7 +3,6 @@ edition = "2023"; package workflows.v1; import "buf/validate/validate.proto"; -import "google/protobuf/timestamp.proto"; import "opentelemetry/proto/logs/v1/logs.proto"; import "opentelemetry/proto/trace/v1/trace.proto"; import "tilebox/v1/id.proto"; diff --git a/apis/workflows/v1/worker.proto b/apis/workflows/v1/worker.proto index b68aabb..d7366eb 100644 --- a/apis/workflows/v1/worker.proto +++ b/apis/workflows/v1/worker.proto @@ -5,7 +5,6 @@ package workflows.v1; import "buf/validate/validate.proto"; import "google/protobuf/empty.proto"; import "tilebox/v1/id.proto"; -import "workflows/v1/automation.proto"; import "workflows/v1/core.proto"; import "workflows/v1/task.proto"; import "workflows/v1/workflows.proto"; diff --git a/apis/workflows/v1/workflows.proto b/apis/workflows/v1/workflows.proto index 9dbfbec..6a7dd5e 100644 --- a/apis/workflows/v1/workflows.proto +++ b/apis/workflows/v1/workflows.proto @@ -5,7 +5,6 @@ edition = "2023"; package workflows.v1; import "buf/validate/validate.proto"; -import "google/protobuf/empty.proto"; import "google/protobuf/timestamp.proto"; import "tilebox/v1/id.proto"; import "workflows/v1/core.proto";