syntax = "proto3";

package yandex.cloud.iam.v1;

import "google/api/annotations.proto";
import "google/protobuf/field_mask.proto";
import "yandex/cloud/api/operation.proto";
import "yandex/cloud/iam/v1/api_key.proto";
import "yandex/cloud/operation/operation.proto";
import "yandex/cloud/validation.proto";

option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/iam/v1;iam";
option java_package = "yandex.cloud.api.iam.v1";

// A set of methods for managing API keys.
service ApiKeyService {
  // Retrieves the list of API keys for the specified service account.
  rpc List (ListApiKeysRequest) returns (ListApiKeysResponse) {
    option (google.api.http) = { get: "/iam/v1/apiKeys" };
  }

  // Returns the specified API key.
  //
  // To get the list of available API keys, make a [List] request.
  rpc Get (GetApiKeyRequest) returns (ApiKey) {
    option (google.api.http) = { get: "/iam/v1/apiKeys/{api_key_id}" };
  }

  // Creates an API key for the specified service account.
  rpc Create (CreateApiKeyRequest) returns (CreateApiKeyResponse) {
    option (google.api.http) = { post: "/iam/v1/apiKeys" body: "*" };
  }

  // Updates the specified API key.
  rpc Update (UpdateApiKeyRequest) returns (operation.Operation) {
    option (google.api.http) = { patch: "/iam/v1/apiKeys/{api_key_id}" body: "*" };
    option (yandex.cloud.api.operation) = {
      metadata: "UpdateApiKeyMetadata"
      response: "ApiKey"
    };
  }

  // Deletes the specified API key.
  rpc Delete (DeleteApiKeyRequest) returns (operation.Operation) {
    option (google.api.http) = { delete: "/iam/v1/apiKeys/{api_key_id}" };
    option (yandex.cloud.api.operation) = {
      metadata: "DeleteApiKeyMetadata"
      response: "google.protobuf.Empty"
    };
  }

  // Retrieves the list of operations for the specified API key.
  rpc ListOperations (ListApiKeyOperationsRequest) returns (ListApiKeyOperationsResponse) {
    option (google.api.http) = { get: "/iam/v1/apiKeys/{api_key_id}/operations" };
  }
}

message GetApiKeyRequest {
  // ID of the API key to return.
  // To get the API key ID, use a [ApiKeyService.List] request.
  string api_key_id = 1 [(required) = true, (length) = "<=50"];
}

message ListApiKeysRequest {
  // ID of the service account to list API keys for.
  // To get the service account ID, use a [yandex.cloud.iam.v1.ServiceAccountService.List] request.
  // If not specified, it defaults to the subject that made the request.
  string service_account_id = 1 [(length) = "<=50"]; // use current subject identity if this not set

  // The maximum number of results per page to return. If the number of available
  // results is larger than [page_size],
  // the service returns a [ListApiKeysResponse.next_page_token]
  // that can be used to get the next page of results in subsequent list requests.
  // Default value: 100.
  int64 page_size = 2 [(value) = "0-1000"];

  // Page token. To get the next page of results, set [page_token]
  // to the [ListApiKeysResponse.next_page_token]
  // returned by a previous list request.
  string page_token = 3 [(length) = "<=100"];
}

message ListApiKeysResponse {
  // List of API keys.
  repeated ApiKey api_keys = 1;

  // This token allows you to get the next page of results for list requests. If the number of results
  // is larger than [ListApiKeysRequest.page_size], use
  // the [next_page_token] as the value
  // for the [ListApiKeysRequest.page_token] query parameter
  // in the next list request. Each subsequent list request will have its own
  // [next_page_token] to continue paging through the results.
  string next_page_token = 2;
}

message CreateApiKeyRequest {
  // ID of the service account to create an API key for.
  // To get the service account ID, use a [yandex.cloud.iam.v1.ServiceAccountService.List] request.
  // If not specified, it defaults to the subject that made the request.
  string service_account_id = 1 [(length) = "<=50"]; // use current subject identity if this not set

  // Description of the API key.
  string description = 2 [(length) = "<=256"];
}

message CreateApiKeyResponse {
  // ApiKey resource.
  ApiKey api_key = 1;

  // Secret part of the API key. This secret key you may use in the requests for authentication.
  string secret = 2;
}

message UpdateApiKeyRequest {
  // ID of the ApiKey resource to update.
  // To get the API key ID, use a [ApiKeyService.List] request.
  string api_key_id = 1 [(required) = true, (length) = "<=50"];

  // Field mask that specifies which fields of the ApiKey resource are going to be updated.
  google.protobuf.FieldMask update_mask = 2;

  // Description of the API key.
  string description = 3 [(length) = "<=256"];
}

message UpdateApiKeyMetadata {
  // ID of the ApiKey resource that is being updated.
  string api_key_id = 1;
}

message DeleteApiKeyRequest {
  // ID of the API key to delete.
  // To get the API key ID, use a [ApiKeyService.List] request.
  string api_key_id = 1 [(required) = true, (length) = "<=50"];
}

message DeleteApiKeyMetadata {
  // ID of the API key that is being deleted.
  string api_key_id = 1;
}

message ListApiKeyOperationsRequest {
  // ID of the key to list operations for.
  string api_key_id = 1 [(required) = true, (length) = "<=50"];

  // The maximum number of results per page to return. If the number of available
  // results is larger than [page_size],
  // the service returns a [ListApiKeyOperationsResponse.next_page_token]
  // that can be used to get the next page of results in subsequent list requests.
  // Default value: 100.
  int64 page_size = 2 [(value) = "0-1000"];

  // Page token. To get the next page of results, set [page_token] to the
  // [ListApiKeyOperationsResponse.next_page_token] returned by a previous list request.
  string page_token = 3 [(length) = "<=100"];
}

message ListApiKeyOperationsResponse {
  // List of operations for the specified API key.
  repeated operation.Operation operations = 1;

  // This token allows you to get the next page of results for list requests. If the number of results
  // is larger than [ListApiKeyOperationsRequest.page_size], use the [next_page_token] as the value
  // for the [ListApiKeyOperationsRequest.page_token] query parameter in the next list request.
  // Each subsequent list request will have its own [next_page_token] to continue paging through the results.
  string next_page_token = 2;
}
