This repository has been archived by the owner on Dec 3, 2024. It is now read-only.
generated from kubernetes/kubernetes-template-project
-
Notifications
You must be signed in to change notification settings - Fork 21
/
Copy pathcosi.proto
245 lines (205 loc) · 8.53 KB
/
cosi.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
// Code generated by make; DO NOT EDIT.
syntax = "proto3";
package cosi.v1alpha1;
import "google/protobuf/descriptor.proto";
option go_package = "sigs.k8s.io/container-object-storage-interface-spec;cosi";
extend google.protobuf.EnumOptions {
// Indicates that this enum is OPTIONAL and part of an experimental
// API that may be deprecated and eventually removed between minor
// releases.
bool alpha_enum = 1116;
}
extend google.protobuf.EnumValueOptions {
// Indicates that this enum value is OPTIONAL and part of an
// experimental API that may be deprecated and eventually removed
// between minor releases.
bool alpha_enum_value = 1116;
}
extend google.protobuf.FieldOptions {
// Indicates that a field MAY contain information that is sensitive
// and MUST be treated as such (e.g. not logged).
bool cosi_secret = 1115;
// Indicates that this field is OPTIONAL and part of an experimental
// API that may be deprecated and eventually removed between minor
// releases.
bool alpha_field = 1116;
}
extend google.protobuf.MessageOptions {
// Indicates that this message is OPTIONAL and part of an experimental
// API that may be deprecated and eventually removed between minor
// releases.
bool alpha_message = 1116;
}
extend google.protobuf.MethodOptions {
// Indicates that this method is OPTIONAL and part of an experimental
// API that may be deprecated and eventually removed between minor
// releases.
bool alpha_method = 1116;
}
extend google.protobuf.ServiceOptions {
// Indicates that this service is OPTIONAL and part of an experimental
// API that may be deprecated and eventually removed between minor
// releases.
bool alpha_service = 1116;
}
service Identity {
// This call is meant to retrieve the unique provisioner Identity.
// This identity will have to be set in BucketClaim.DriverName field in order to invoke this specific provisioner.
rpc DriverGetInfo (DriverGetInfoRequest) returns (DriverGetInfoResponse) {}
}
service Provisioner {
// This call is made to create the bucket in the backend.
// This call is idempotent
// 1. If a bucket that matches both name and parameters already exists, then OK (success) must be returned.
// 2. If a bucket by same name, but different parameters is provided, then the appropriate error code ALREADY_EXISTS must be returned.
rpc DriverCreateBucket (DriverCreateBucketRequest) returns (DriverCreateBucketResponse) {}
// This call is made to delete the bucket in the backend.
// If the bucket has already been deleted, then no error should be returned.
rpc DriverDeleteBucket (DriverDeleteBucketRequest) returns (DriverDeleteBucketResponse) {}
// This call grants access to an account. The account_name in the request shall be used as a unique identifier to create credentials.
// The account_id returned in the response will be used as the unique identifier for deleting this access when calling DriverRevokeBucketAccess.
rpc DriverGrantBucketAccess (DriverGrantBucketAccessRequest) returns (DriverGrantBucketAccessResponse);
// This call revokes all access to a particular bucket from a principal.
rpc DriverRevokeBucketAccess (DriverRevokeBucketAccessRequest) returns (DriverRevokeBucketAccessResponse);
}
// S3SignatureVersion is the version of the signing algorithm for all s3 requests
enum S3SignatureVersion {
UnknownSignature = 0;
// S3V2, Signature version v2
S3V2 = 1;
// S3V4, Signature version v4
S3V4 = 2;
}
enum AnonymousBucketAccessMode {
UnknownBucketAccessMode = 0;
// Default, disallow uncredentialed access to the backend storage.
Private = 1;
// Read only, uncredentialed users can call ListBucket and GetObject.
ReadOnly = 2;
// Write only, uncredentialed users can only call PutObject.
WriteOnly = 3;
// Read/Write, uncredentialed users can read objects as well as PutObject.
ReadWrite = 4;
}
enum AuthenticationType {
UnknownAuthenticationType = 0;
// Default, KEY based authentication.
Key = 1;
// Storageaccount based authentication.
IAM = 2;
}
message S3 {
// region denotes the geographical region where the S3 server is running
string region = 1;
// signature_version denotes the signature version for signing all s3 requests
S3SignatureVersion signature_version = 2;
}
message AzureBlob {
// storage_account is the id of the azure storage account
string storage_account = 1;
}
message GCS {
// private_key_name denotes the name of the private key in the storage backend
string private_key_name = 1;
// project_id denotes the name of the project id in the storage backend
string project_id = 2;
// service_account denotes the name of the service account in the storage backend
string service_account = 3;
}
message Protocol {
oneof type {
S3 s3 = 1;
AzureBlob azureBlob = 2;
GCS gcs = 3;
}
}
message CredentialDetails {
// map of the details in the secrets for the protocol string
map<string, string> secrets = 1;
}
message DriverGetInfoRequest {
// Intentionally left blank
}
message DriverGetInfoResponse {
// This field is REQUIRED
// The name MUST follow domain name notation format
// (https://tools.ietf.org/html/rfc1035#section-2.3.1). It SHOULD
// include the plugin's host company name and the plugin name,
// to minimize the possibility of collisions. It MUST be 63
// characters or less, beginning and ending with an alphanumeric
// character ([a-z0-9A-Z]) with dashes (-), dots (.), and
// alphanumerics between.
string name = 1;
}
message DriverCreateBucketRequest {
// This field is REQUIRED
// name specifies the name of the bucket that should be created.
string name = 1;
// This field is OPTIONAL
// The caller should treat the values in parameters as opaque.
// The receiver is responsible for parsing and validating the values.
map<string,string> parameters = 2;
}
message DriverCreateBucketResponse {
// bucket_id returned here is expected to be the globally unique
// identifier for the bucket in the object storage provider.
string bucket_id = 1;
// bucket_info returned here stores the data specific to the
// bucket required by the object storage provider to connect to the bucket.
Protocol bucket_info = 2;
}
message DriverDeleteBucketRequest {
// This field is REQUIRED
// bucket_id is a globally unique identifier for the bucket
// in the object storage provider
string bucket_id = 1;
// This field is OPTIONAL
// The caller should treat the values in delete_context as opaque.
// The receiver is responsible for parsing and validating the values.
map<string,string> delete_context = 2;
}
message DriverDeleteBucketResponse {
// Intentionally left blank
}
message DriverGrantBucketAccessRequest {
// This field is REQUIRED
// bucket_id is a globally unique identifier for the bucket
// in the object storage provider
string bucket_id = 1;
// This field is REQUIRED
// name field is used to define the name of the bucket access object.
string name = 2;
// This field is REQUIRED
// Requested authentication type for the bucket access.
// Supported authentication types are KEY or IAM.
AuthenticationType authentication_type = 3;
// This field is OPTIONAL
// The caller should treat the values in parameters as opaque.
// The receiver is responsible for parsing and validating the values.
map<string,string> parameters = 4;
}
message DriverGrantBucketAccessResponse {
// This field is REQUIRED
// This is the account_id that is being provided access. This will
// be required later to revoke access.
string account_id = 1;
// This field is REQUIRED
// Credentials supplied for accessing the bucket ex: aws access key id and secret, etc.
map<string, CredentialDetails> credentials = 2;
}
message DriverRevokeBucketAccessRequest {
// This field is REQUIRED
// bucket_id is a globally unique identifier for the bucket
// in the object storage provider.
string bucket_id = 1;
// This field is REQUIRED
// This is the account_id that is having its access revoked.
string account_id = 2;
// This field is OPTIONAL
// The caller should treat the values in revoke_access_context as opaque.
// The receiver is responsible for parsing and validating the values.
map<string,string> revoke_access_context = 3;
}
message DriverRevokeBucketAccessResponse {
// Intentionally left blank
}