Kyle Isom
f880bbb6de
- Add POST /v1/accounts/{id}/roles and DELETE /v1/accounts/{id}/roles/{role} REST endpoints
- Add GrantRole and RevokeRole RPCs to AccountService in gRPC API
- Update OpenAPI specification with new endpoints
- Add grant and revoke subcommands to mciasctl
- Add grant and revoke subcommands to mciasgrpcctl
- Regenerate proto files with new message types and RPCs
- Implement gRPC server methods for granular role management
- All existing tests pass; build verified with goimports
Security: Role changes are audited via EventRoleGranted and EventRoleRevoked events,
consistent with existing SetRoles implementation.
140 lines
4.0 KiB
Protocol Buffer
140 lines
4.0 KiB
Protocol Buffer
// AccountService: account and role CRUD. All RPCs require admin role.
|
|
// CredentialService: Postgres credential management.
|
|
syntax = "proto3";
|
|
|
|
package mcias.v1;
|
|
|
|
option go_package = "git.wntrmute.dev/kyle/mcias/gen/mcias/v1;mciasv1";
|
|
|
|
import "mcias/v1/common.proto";
|
|
|
|
// --- Account CRUD ---
|
|
|
|
// ListAccountsRequest carries no parameters.
|
|
message ListAccountsRequest {}
|
|
|
|
// ListAccountsResponse returns all accounts. Credential fields are absent.
|
|
message ListAccountsResponse {
|
|
repeated Account accounts = 1;
|
|
}
|
|
|
|
// CreateAccountRequest specifies a new account to create.
|
|
message CreateAccountRequest {
|
|
string username = 1;
|
|
string password = 2; // required for human accounts; security: never logged
|
|
string account_type = 3; // "human" or "system"
|
|
}
|
|
|
|
// CreateAccountResponse returns the created account record.
|
|
message CreateAccountResponse {
|
|
Account account = 1;
|
|
}
|
|
|
|
// GetAccountRequest identifies an account by UUID.
|
|
message GetAccountRequest {
|
|
string id = 1; // UUID
|
|
}
|
|
|
|
// GetAccountResponse returns the account record.
|
|
message GetAccountResponse {
|
|
Account account = 1;
|
|
}
|
|
|
|
// UpdateAccountRequest updates mutable fields. Only non-empty fields are applied.
|
|
message UpdateAccountRequest {
|
|
string id = 1; // UUID
|
|
string status = 2; // "active" or "inactive" (omit to leave unchanged)
|
|
}
|
|
|
|
// UpdateAccountResponse confirms the update.
|
|
message UpdateAccountResponse {}
|
|
|
|
// DeleteAccountRequest soft-deletes an account and revokes its tokens.
|
|
message DeleteAccountRequest {
|
|
string id = 1; // UUID
|
|
}
|
|
|
|
// DeleteAccountResponse confirms deletion.
|
|
message DeleteAccountResponse {}
|
|
|
|
// --- Role management ---
|
|
|
|
// GetRolesRequest identifies an account by UUID.
|
|
message GetRolesRequest {
|
|
string id = 1; // UUID
|
|
}
|
|
|
|
// GetRolesResponse lists the current roles.
|
|
message GetRolesResponse {
|
|
repeated string roles = 1;
|
|
}
|
|
|
|
// SetRolesRequest replaces the role set for an account.
|
|
message SetRolesRequest {
|
|
string id = 1; // UUID
|
|
repeated string roles = 2;
|
|
}
|
|
|
|
// SetRolesResponse confirms the update.
|
|
message SetRolesResponse {}
|
|
|
|
// GrantRoleRequest adds a single role to an account.
|
|
message GrantRoleRequest {
|
|
string id = 1; // UUID
|
|
string role = 2; // role name
|
|
}
|
|
|
|
// GrantRoleResponse confirms the grant.
|
|
message GrantRoleResponse {}
|
|
|
|
// RevokeRoleRequest removes a single role from an account.
|
|
message RevokeRoleRequest {
|
|
string id = 1; // UUID
|
|
string role = 2; // role name
|
|
}
|
|
|
|
// RevokeRoleResponse confirms the revocation.
|
|
message RevokeRoleResponse {}
|
|
|
|
// AccountService manages accounts and roles. All RPCs require admin role.
|
|
service AccountService {
|
|
rpc ListAccounts(ListAccountsRequest) returns (ListAccountsResponse);
|
|
rpc CreateAccount(CreateAccountRequest) returns (CreateAccountResponse);
|
|
rpc GetAccount(GetAccountRequest) returns (GetAccountResponse);
|
|
rpc UpdateAccount(UpdateAccountRequest) returns (UpdateAccountResponse);
|
|
rpc DeleteAccount(DeleteAccountRequest) returns (DeleteAccountResponse);
|
|
rpc GetRoles(GetRolesRequest) returns (GetRolesResponse);
|
|
rpc SetRoles(SetRolesRequest) returns (SetRolesResponse);
|
|
rpc GrantRole(GrantRoleRequest) returns (GrantRoleResponse);
|
|
rpc RevokeRole(RevokeRoleRequest) returns (RevokeRoleResponse);
|
|
}
|
|
|
|
// --- PG credentials ---
|
|
|
|
// GetPGCredsRequest identifies an account by UUID.
|
|
message GetPGCredsRequest {
|
|
string id = 1; // UUID
|
|
}
|
|
|
|
// GetPGCredsResponse returns decrypted Postgres credentials.
|
|
// Security: password is present only in this response; never in list output.
|
|
message GetPGCredsResponse {
|
|
PGCreds creds = 1;
|
|
}
|
|
|
|
// SetPGCredsRequest stores Postgres credentials for an account.
|
|
message SetPGCredsRequest {
|
|
string id = 1; // UUID
|
|
PGCreds creds = 2;
|
|
}
|
|
|
|
// SetPGCredsResponse confirms the update.
|
|
message SetPGCredsResponse {}
|
|
|
|
// CredentialService manages Postgres credentials for system accounts.
|
|
// All RPCs require admin role.
|
|
service CredentialService {
|
|
rpc GetPGCreds(GetPGCredsRequest) returns (GetPGCredsResponse);
|
|
rpc SetPGCreds(SetPGCredsRequest) returns (SetPGCredsResponse);
|
|
}
|