syntax = "proto3";

package yandex.cloud.mdb.postgresql.v1;

import "google/api/annotations.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/wrappers.proto";
import "yandex/cloud/operation/operation.proto";
import "yandex/cloud/validation.proto";
import "yandex/cloud/mdb/postgresql/v1/user.proto";
import "yandex/cloud/api/operation.proto";

option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/mdb/postgresql/v1;postgresql";
option java_package = "yandex.cloud.api.mdb.postgresql.v1";

// A set of methods for managing PostgreSQL User resources.
service UserService {
  // Returns the specified PostgreSQL User resource.
  //
  // To get the list of available PostgreSQL User resources, make a [List] request.
  rpc Get (GetUserRequest) returns (User) {
    option (google.api.http) = { get: "/managed-postgresql/v1/clusters/{cluster_id}/users/{user_name}" };
  }

  // Retrieves the list of PostgreSQL User resources in the specified cluster.
  rpc List (ListUsersRequest) returns (ListUsersResponse) {
    option (google.api.http) = { get: "/managed-postgresql/v1/clusters/{cluster_id}/users" };
  }

  // Creates a PostgreSQL user in the specified cluster.
  rpc Create (CreateUserRequest) returns (operation.Operation) {
    option (google.api.http) = { post: "/managed-postgresql/v1/clusters/{cluster_id}/users" body: "*" };
    option (yandex.cloud.api.operation) = {
      metadata: "CreateUserMetadata"
      response: "User"
    };
  }

  // Updates the specified PostgreSQL user.
  rpc Update (UpdateUserRequest) returns (operation.Operation) {
    option (google.api.http) = { patch: "/managed-postgresql/v1/clusters/{cluster_id}/users/{user_name}" body: "*" };
    option (yandex.cloud.api.operation) = {
      metadata: "UpdateUserMetadata"
      response: "User"
    };
  }

  // Deletes the specified PostgreSQL user.
  rpc Delete (DeleteUserRequest) returns (operation.Operation) {
    option (google.api.http) = { delete: "/managed-postgresql/v1/clusters/{cluster_id}/users/{user_name}" };
    option (yandex.cloud.api.operation) = {
      metadata: "DeleteUserMetadata"
      response: "google.protobuf.Empty"
    };
  }

  // Grants permission to the specified PostgreSQL user.
  rpc GrantPermission (GrantUserPermissionRequest) returns (operation.Operation) {
    option (google.api.http) = { post: "/managed-postgresql/v1/clusters/{cluster_id}/users/{user_name}:grantPermission" body: "*" };
    option (yandex.cloud.api.operation) = {
      metadata: "GrantUserPermissionMetadata"
      response: "User"
    };
  }

  // Revokes permission from the specified PostgreSQL user.
  rpc RevokePermission (RevokeUserPermissionRequest) returns (operation.Operation) {
    option (google.api.http) = { post: "/managed-postgresql/v1/clusters/{cluster_id}/users/{user_name}:revokePermission" body: "*" };
    option (yandex.cloud.api.operation) = {
      metadata: "RevokeUserPermissionMetadata"
      response: "User"
    };
  }
}

message GetUserRequest {
  // ID of the PostgreSQL cluster the user belongs to.
  // To get the cluster ID, use a [ClusterService.List] request.
  string cluster_id = 1 [(required) = true, (length) = "<=50"];

  // Name of the PostgreSQL User resource to return.
  // To get the name of the user, use a [UserService.List] request.
  string user_name = 2 [(required) = true, (length) = "<=63", (pattern) = "[a-zA-Z0-9_]*"];
}

message ListUsersRequest {
  // ID of the cluster to list PostgreSQL users in.
  // To get the cluster ID, use a [ClusterService.List] request.
  string cluster_id = 1 [(required) = true, (length) = "<=50"];

  // The maximum number of results per page to return. If the number of available
  // results is larger than `page_size`, the service returns a [ListUsersResponse.next_page_token]
  // that can be used to get the next page of results in subsequent list requests.
  int64 page_size = 2 [(value) = "<=1000"];

  // Page token. To get the next page of results, set `page_token` to the [ListUsersResponse.next_page_token]
  // returned by a previous list request.
  string page_token = 3 [(length) = "<=100"];
}

message ListUsersResponse {
  // List of PostgreSQL User resources.
  repeated User users = 1;

  // This token allows you to get the next page of results for list requests. If the number of results
  // is larger than [ListUsersRequest.page_size], use the `next_page_token` as the value
  // for the [ListUsersRequest.page_token] parameter in the next list request. Each subsequent
  // list request will have its own `next_page_token` to continue paging through the results.
  string next_page_token = 2;
}

message CreateUserRequest {
  // ID of the PostgreSQL cluster to create a user in.
  // To get the cluster ID, use a [ClusterService.List] request.
  string cluster_id = 1 [(required) = true, (length) = "<=50"];

  // Properties of the user to be created.
  UserSpec user_spec = 2 [(required) = true];
}

message CreateUserMetadata {
  // ID of the PostgreSQL cluster the user is being created in.
  string cluster_id = 1;

  // Name of the user that is being created.
  string user_name = 2;
}

message UpdateUserRequest {
  // ID of the PostgreSQL cluster the user belongs to.
  // To get the cluster ID use a [ClusterService.List] request.
  string cluster_id = 1 [(required) = true, (length) = "<=50"];

  // Name of the user to be updated.
  // To get the name of the user use a [UserService.List] request.
  string user_name = 2 [(required) = true, (length) = "<=63", (pattern) = "[a-zA-Z0-9_]*"];

  // Field mask that specifies which fields of the PostgreSQL User resource should be updated.
  google.protobuf.FieldMask update_mask = 3;

  // New password for the user.
  string password = 4 [(length) = "8-128"];

  // Set of permissions granted to the user to access specific databases.
  repeated Permission permissions = 5;

  // Maximum number of database connections available to the user.
  //
  // When used in session pooling, this setting limits the number of connections to every single host in PostgreSQL cluster. In this case, the setting's value must be greater than the total number of connections that backend services can open to access the PostgreSQL cluster. The setting's value should not exceed the value of the [Cluster.config.postgresql_config.max_connections] setting.
  //
  // When used in transaction pooling, this setting limits the number of user's active transactions; therefore, in this mode user can open thousands of connections, but only `N` concurrent connections will be opened, where `N` is the value of the setting.
  //
  // Minimum value: `10` (default: `50`), when used in session pooling.
  int64 conn_limit = 6 [(value) = ">=10"];

  UserSettings settings = 7;

  // This flag defines whether the user can login to a PostgreSQL database.
  //
  // Default value: `true` (login is allowed).
  google.protobuf.BoolValue login = 8;

  // Roles and privileges that are granted to the user (`GRANT <role> TO <user>`).
  //
  // For more information, see [the documentation](/docs/managed-postgresql/operations/grant).
  repeated string grants = 9 [(length) = "<=63", (pattern) = "[a-zA-Z0-9_]*"];
}

message UpdateUserMetadata {
  // ID of the PostgreSQL cluster the user belongs to.
  string cluster_id = 1;

  // Name of the user that is being updated.
  string user_name = 2;
}

message DeleteUserRequest {
  // ID of the PostgreSQL cluster the user belongs to.
  // To get the cluster ID, use a [ClusterService.List] request.
  string cluster_id = 1 [(required) = true, (length) = "<=50"];

  // Name of the user to delete.
  // To get the name of the user, use a [UserService.List] request.
  string user_name = 2 [(required) = true, (length) = "<=63", (pattern) = "[a-zA-Z0-9_]*"];
}

message DeleteUserMetadata {
  // ID of the PostgreSQL cluster the user belongs to.
  string cluster_id = 1;

  // Name of the user that is being deleted.
  string user_name = 2;
}

message GrantUserPermissionRequest {
  // ID of the PostgreSQL cluster the user belongs to.
  // To get the cluster ID, use a [ClusterService.List] request.
  string cluster_id = 1 [(required) = true, (length) = "<=50"];

  // Name of the user to grant the permission to.
  // To get the name of the user, use a [UserService.List] request.
  string user_name = 2 [(required) = true, (length) = "<=63", (pattern) = "[a-zA-Z0-9_]*"];

  // Permission that should be granted to the specified user.
  Permission permission = 3 [(required) = true];
}

message GrantUserPermissionMetadata {
  // ID of the PostgreSQL cluster the user belongs to.
  // To get the cluster ID, use a [ClusterService.List] request.
  string cluster_id = 1;

  // Name of the user that is being granted a permission.
  string user_name = 2;
}

message RevokeUserPermissionRequest {
  // ID of the PostgreSQL cluster the user belongs to.
  // To get the cluster ID, use a [ClusterService.List] request.
  string cluster_id = 1 [(required) = true, (length) = "<=50"];

  // Name of the user to revoke a permission from.
  // To get the name of the user, use a [UserService.List] request.
  string user_name = 2 [(required) = true, (length) = "<=63", (pattern) = "[a-zA-Z0-9_]*"];

  // Name of the database that the user should lose access to.
  string database_name = 3 [(required) = true, (length) = "<=63", (pattern) = "[a-zA-Z0-9_-]*"];
}

message RevokeUserPermissionMetadata {
  // ID of the PostgreSQL cluster the user belongs to.
  string cluster_id = 1;

  // Name of the user whose permission is being revoked.
  string user_name = 2;
}
