diff --git a/javascript-web/generate_protos.sh b/javascript-web/generate_protos.sh index 37bf6bf..c82d4f7 100755 --- a/javascript-web/generate_protos.sh +++ b/javascript-web/generate_protos.sh @@ -65,7 +65,7 @@ mkdir $out # So we do a terrible hack to comment out the package declaration before generating the JS types, # but add them back before generating the GRPC web bindings -proto_file_list=" extensions.proto cacheclient.proto controlclient.proto auth.proto cacheping.proto cachepubsub.proto vectorindex.proto " +proto_file_list=" permissions.proto extensions.proto cacheclient.proto controlclient.proto auth.proto cacheping.proto cachepubsub.proto vectorindex.proto token.proto " echo "Backing up protos dir" cp -r ../proto ../proto.bak @@ -74,6 +74,7 @@ echo "Commenting out package declarations" for f in $proto_file_list do $sed_command 's/^\s*package \(.*\)/\/\/package \1/g' ../proto/${f} + $sed_command 's/permissions.Permissions/Permissions/g' ../proto/${f} done protoc -I=../proto -I=/usr/local/include \ diff --git a/javascript-web/index.ts b/javascript-web/index.ts index d5701cf..8614b59 100644 --- a/javascript-web/index.ts +++ b/javascript-web/index.ts @@ -1,4 +1,5 @@ export * as cache from './CacheclientServiceClientPb' export * as control from './ControlclientServiceClientPb' export * as auth from './AuthServiceClientPb' +export * as token from './TokenServiceClientPb' export * as ping from './CachepingServiceClientPb' diff --git a/javascript-web/package-lock.json b/javascript-web/package-lock.json index 578fdc8..89f5ca5 100644 --- a/javascript-web/package-lock.json +++ b/javascript-web/package-lock.json 
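Review bot: The `sed` expression added inside the `for f in $proto_file_list` loop, `'s/permissions.Permissions/Permissions/g'`, leaves the `.` unescaped, so it matches any character in that position. It also runs over every file in the list, comments included. Escaping the dot, as in `$sed_command 's/permissions\.Permissions/Permissions/g' "../proto/${f}"`, limits the rewrite to the qualified type reference, and quoting the path is the safer shell form. A comment on the line should say why the qualifier is stripped (the package declarations are commented out just above), since this edits the message that describes token permissions before code generation. The script around the loop is only partly visible in the hunk.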
@@ -9,12 +9,15 @@ "version": "0.0.1", "license": "Apache-2.0", "dependencies": { + "google-protobuf": "3.21.2", "grpc-web": "1.4.2" }, "devDependencies": { "@tsconfig/node16": "1.0.2", + "@types/google-protobuf": "^3.15.6", "@types/node": "16.10.3", - "typescript": "4.4.3" + "google-protobuf": "3.21.2", + "typescript": "^4.9.5" } }, "node_modules/@tsconfig/node16": { 
@@ -23,21 +26,33 @@ "integrity": "sha512-eZxlbI8GZscaGS7kkc/trHTT5xgrjH3/1n2JDwusC9iahPKWMRvRjJSAN5mCXviuTGQ/lHnhvv8Q1YTpnfz9gA==", "dev": true }, + "node_modules/@types/google-protobuf": { + "version": "3.15.6", + "resolved": "https://registry.npmjs.org/@types/google-protobuf/-/google-protobuf-3.15.6.tgz", + "integrity": "sha512-pYVNNJ+winC4aek+lZp93sIKxnXt5qMkuKmaqS3WGuTq0Bw1ZDYNBgzG5kkdtwcv+GmYJGo3yEg6z2cKKAiEdw==", + "dev": true + }, "node_modules/@types/node": { "version": "16.10.3", "resolved": "https://registry.npmjs.org/@types/node/-/node-16.10.3.tgz", "integrity": "sha512-ho3Ruq+fFnBrZhUYI46n/bV2GjwzSkwuT4dTf0GkuNFmnb8nq4ny2z9JEVemFi6bdEJanHLlYfy9c6FN9B9McQ==", "dev": true }, + "node_modules/google-protobuf": { + "version": "3.21.2", + "resolved": "https://registry.npmjs.org/google-protobuf/-/google-protobuf-3.21.2.tgz", + "integrity": "sha512-3MSOYFO5U9mPGikIYCzK0SaThypfGgS6bHqrUGXG3DPHCrb+txNqeEcns1W0lkGfk0rCyNXm7xB9rMxnCiZOoA==", + "dev": true + }, "node_modules/grpc-web": { "version": "1.4.2", "resolved": "https://registry.npmjs.org/grpc-web/-/grpc-web-1.4.2.tgz", "integrity": "sha512-gUxWq42l5ldaRplcKb4Pw5O4XBONWZgz3vxIIXnfIeJj8Jc3wYiq2O4c9xzx/NGbbPEej4rhI62C9eTENwLGNw==" }, "node_modules/typescript": { - "version": "4.4.3", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.4.3.tgz", - "integrity": "sha512-4xfscpisVgqqDfPaJo5vkd+Qd/ItkoagnHpufr+i2QCHBsNYp+G7UAoyFl8aPtx879u38wPV65rZ8qbGZijalA==", + "version": "4.9.5", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", + "integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==", "dev": true, "bin": { "tsc": "bin/tsc", 
@@ -55,21 +70,33 @@ "integrity": "sha512-eZxlbI8GZscaGS7kkc/trHTT5xgrjH3/1n2JDwusC9iahPKWMRvRjJSAN5mCXviuTGQ/lHnhvv8Q1YTpnfz9gA==", "dev": true }, + "@types/google-protobuf": { + "version": "3.15.6", + "resolved": "https://registry.npmjs.org/@types/google-protobuf/-/google-protobuf-3.15.6.tgz", + "integrity": "sha512-pYVNNJ+winC4aek+lZp93sIKxnXt5qMkuKmaqS3WGuTq0Bw1ZDYNBgzG5kkdtwcv+GmYJGo3yEg6z2cKKAiEdw==", + "dev": true + }, "@types/node": { "version": "16.10.3", "resolved": "https://registry.npmjs.org/@types/node/-/node-16.10.3.tgz", "integrity": "sha512-ho3Ruq+fFnBrZhUYI46n/bV2GjwzSkwuT4dTf0GkuNFmnb8nq4ny2z9JEVemFi6bdEJanHLlYfy9c6FN9B9McQ==", "dev": true }, + "google-protobuf": { + "version": "3.21.2", + "resolved": "https://registry.npmjs.org/google-protobuf/-/google-protobuf-3.21.2.tgz", + "integrity": "sha512-3MSOYFO5U9mPGikIYCzK0SaThypfGgS6bHqrUGXG3DPHCrb+txNqeEcns1W0lkGfk0rCyNXm7xB9rMxnCiZOoA==", + "dev": true + }, "grpc-web": { "version": "1.4.2", "resolved": "https://registry.npmjs.org/grpc-web/-/grpc-web-1.4.2.tgz", "integrity": "sha512-gUxWq42l5ldaRplcKb4Pw5O4XBONWZgz3vxIIXnfIeJj8Jc3wYiq2O4c9xzx/NGbbPEej4rhI62C9eTENwLGNw==" }, "typescript": { - "version": "4.4.3", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.4.3.tgz", - "integrity": "sha512-4xfscpisVgqqDfPaJo5vkd+Qd/ItkoagnHpufr+i2QCHBsNYp+G7UAoyFl8aPtx879u38wPV65rZ8qbGZijalA==", + "version": "4.9.5", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", + "integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==", "dev": true } } diff --git a/javascript-web/package.json b/javascript-web/package.json index f80c80d..446ba87 100644 --- a/javascript-web/package.json +++ b/javascript-web/package.json 
@@ -17,10 +17,13 @@ "license": "Apache-2.0", "devDependencies": { "@tsconfig/node16": "1.0.2", + "@types/google-protobuf": "^3.15.6", "@types/node": "16.10.3", - "typescript": "4.4.3" + "google-protobuf": "3.21.2", + "typescript": "^4.9.5" }, "dependencies": { + "google-protobuf": "3.21.2", "grpc-web": "1.4.2" }, "files": [ diff --git a/javascript/generate_protos.sh b/javascript/generate_protos.sh index 81636c2..50bb0cd 100755 --- a/javascript/generate_protos.sh +++ b/javascript/generate_protos.sh @@ -2,4 +2,4 @@ set -e set -x -PATH=node_modules/protoc-gen-ts/bin/:$PATH protoc -I=../proto -I=/usr/local/include --ts_out=src cacheclient.proto controlclient.proto cachepubsub.proto auth.proto cacheping.proto vectorindex.proto +PATH=node_modules/protoc-gen-ts/bin/:$PATH protoc -I=../proto -I=/usr/local/include --ts_out=src permissions.proto cacheclient.proto controlclient.proto cachepubsub.proto auth.proto cacheping.proto vectorindex.proto token.proto diff --git a/javascript/index.ts b/javascript/index.ts index dbac5a1..fd6cf5c 100644 --- a/javascript/index.ts +++ b/javascript/index.ts @@ -3,3 +3,4 @@ export * as control from './controlclient' export * as pubsub from './cachepubsub' export * as ping from './cacheping' export * as auth from './auth' +export * as token from './token' diff --git a/kotlin-messages/kotlin/messages/generated-sources/descriptors/client_protos.dsc b/kotlin-messages/kotlin/messages/generated-sources/descriptors/client_protos.dsc index aa5adfd..c21bd89 100644 Binary files a/kotlin-messages/kotlin/messages/generated-sources/descriptors/client_protos.dsc and b/kotlin-messages/kotlin/messages/generated-sources/descriptors/client_protos.dsc differ diff --git a/proto/auth.proto b/proto/auth.proto index c1d13a6..a5b2ca9 100644 --- a/proto/auth.proto +++ b/proto/auth.proto 
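Review bot: `google-protobuf` is added at `3.21.2` under both `devDependencies` and `dependencies` in package.json; listing it once under `dependencies` is enough. The duplicate is presumably why the lock entry `node_modules/google-protobuf` carries `"dev": true` although the package is a runtime dependency. The neighbouring entries are exact pins (`"@tsconfig/node16": "1.0.2"`, `"@types/node": "16.10.3"`), while this change moves `typescript` to `"^4.9.5"` and adds `"@types/google-protobuf": "^3.15.6"`. If exact pins are the convention here for reproducible builds, `"typescript": "4.9.5"` and `"@types/google-protobuf": "3.15.6"` match what the lockfile resolves.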
@@ -1,5 +1,7 @@ syntax = "proto3"; +import "permissions.proto"; + option go_package = "github.com/momentohq/client-sdk-go;client_sdk_go"; option java_multiple_files = true; option java_package = "momento.auth"; 
@@ -69,98 +71,9 @@ message _GenerateApiTokenRequest { Expires expires = 2; } - // Aliases for categories of functionality. - enum CacheRole { - CachePermitNone = 0; - // Restricts access to apis that read and write data from caches: No higher level resource description or modification. - CacheReadWrite = 1; - // Restricts access to apis that read from caches: No higher level resource description or modification. - CacheReadOnly = 2; - // Doesn't allow conditional write APIs (SetIfNotExists, IncreaseTTL etc) - CacheWriteOnly = 3; - } - - // Aliases for categories of functionality. - enum TopicRole { - TopicPermitNone = 0; - // Restricts access to apis that read and write data from topics: No higher level resource description or modification. - TopicReadWrite = 1; - // Restricts access to apis that read from topics: No higher level resource description or modification. - TopicReadOnly = 2; - // Only publish allowed - TopicWriteOnly = 3; - } - string auth_token = 3; - enum SuperUserPermissions { - SuperUser = 0; - } - - message Permissions { - oneof kind { - SuperUserPermissions super_user = 1; - ExplicitPermissions explicit = 2; - } - } - - message ExplicitPermissions { - repeated PermissionsType permissions = 1; - } - - message PermissionsType { - oneof kind { - CachePermissions cache_permissions = 1; - TopicPermissions topic_permissions = 2; - } - - message All {} - - message CacheSelector { - oneof kind { - string cache_name = 1; - } - } - - message CacheItemSelector { - oneof kind { - bytes key = 1; - bytes key_prefix = 2; - } - } - - message CachePermissions { - CacheRole role = 1; - oneof cache { - All all_caches = 2; - CacheSelector cache_selector = 3; - } - oneof cache_item { - All all_items = 4; - CacheItemSelector item_selector = 5; - } - } - - message TopicSelector { - oneof kind { - string topic_name = 1; - } - } - - message TopicPermissions { - TopicRole role = 1; - oneof cache { - All all_caches = 2; - CacheSelector cache_selector = 3; - } - oneof topic 
{ - All all_topics = 4; - TopicSelector topic_selector = 5; - } - } - } - - Permissions permissions = 4; + permissions.Permissions permissions = 4; } message _GenerateApiTokenResponse { diff --git a/proto/permissions.proto b/proto/permissions.proto new file mode 100644 index 0000000..b6cbebf --- /dev/null +++ b/proto/permissions.proto 
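Review bot: Moving `CacheRole`, `TopicRole`, `SuperUserPermissions`, `Permissions`, `ExplicitPermissions` and `PermissionsType` out of `_GenerateApiTokenRequest` changes their fully qualified names, so generated code that referred to the nested types needs updating even though field 4 keeps its number and shape. The new field `permissions.Permissions permissions = 4;` has no comment; `// Scope granted to the generated token; types are defined in permissions.proto.` would record where the definitions went. What an unset `permissions` field means is not visible in the hunk and is worth stating on the field, since it decides what the token may do. The message body begins before the hunk.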
@@ -0,0 +1,96 @@
+syntax = "proto3";
+
+option go_package = "github.com/momentohq/client-sdk-go;client_sdk_go";
+option java_multiple_files = true;
+option java_package = "momento.shared.permissions";
+
+package permissions;
+
+// Aliases for categories of functionality.
+enum CacheRole {
+ CachePermitNone = 0;
+ // Restricts access to apis that read and write data from caches: No higher level resource description or modification.
+ CacheReadWrite = 1;
+ // Restricts access to apis that read from caches: No higher level resource description or modification.
+ CacheReadOnly = 2;
+ // Doesn't allow conditional write APIs (SetIfNotExists, IncreaseTTL etc)
+ CacheWriteOnly = 3;
+}
+
+// Aliases for categories of functionality.
+enum TopicRole {
+ TopicPermitNone = 0;
+ // Restricts access to apis that read and write data from topics: No higher level resource description or modification.
+ TopicReadWrite = 1;
+ // Restricts access to apis that read from topics: No higher level resource description or modification.
+ TopicReadOnly = 2;
+ // Only publish allowed
+ TopicWriteOnly = 3;
+}
+
+enum SuperUserPermissions {
+ SuperUser = 0;
+}
+
+message Permissions {
+ oneof kind {
+ SuperUserPermissions super_user = 1;
+ ExplicitPermissions explicit = 2;
+ }
+}
+
+message ExplicitPermissions {
+ repeated PermissionsType permissions = 1;
+}
+
+message PermissionsType {
+ oneof kind {
+ CachePermissions cache_permissions = 1;
+ TopicPermissions topic_permissions = 2;
+ }
+
+ message All {}
+
+ message CacheSelector {
+ oneof kind {
+ string cache_name = 1;
+ }
+ }
+
+ message CacheItemSelector {
+ oneof kind {
+ bytes key = 1;
+ bytes key_prefix = 2;
+ }
+ }
+
+ message CachePermissions {
+ CacheRole role = 1;
+ oneof cache {
+ All all_caches = 2;
+ CacheSelector cache_selector = 3;
+ }
+ oneof cache_item {
+ All all_items = 4;
+ CacheItemSelector item_selector = 5;
+ }
+ }
+
+ message TopicSelector {
+ oneof kind {
+ string topic_name = 1;
+ }
+ }
+
+ message TopicPermissions {
+ TopicRole role = 1;
+ oneof cache {
+ All all_caches = 2;
+ CacheSelector cache_selector = 3;
+ }
+ oneof topic {
+ All all_topics = 4;
+ TopicSelector topic_selector = 5;
+ }
+ }
+}
\ No newline at end of file
diff --git a/proto/token.proto b/proto/token.proto
new file mode 100644
index 0000000..a542130
--- /dev/null
+++ b/proto/token.proto
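Review bot: `SuperUserPermissions` has `SuperUser = 0` as its only value, so the proto3 zero value of that enum is the most privileged grant, whereas `CacheRole` and `TopicRole` reserve 0 for `CachePermitNone` and `TopicPermitNone`. The `oneof kind` in `Permissions` still tracks presence, but the file does not say what a `Permissions` with no `kind` set means, nor a `CachePermissions` with neither `cache` nor `cache_item` set. A comment on each oneof such as `// Exactly one must be set; a message with none set grants nothing.` would pin that down, assuming that is the intended behaviour. `SuperUserPermissions`, `Permissions`, `ExplicitPermissions` and the selector messages carry no comments at all, and `key_prefix` in `CacheItemSelector` deserves a line on how an empty prefix is treated. The file also ends without a trailing newline.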
@@ -0,0 +1,37 @@ +syntax = "proto3"; + +import "permissions.proto"; + +option go_package = "github.com/momentohq/client-sdk-go;client_sdk_go"; +option java_multiple_files = true; +option java_package = "momento.token"; + +package token; + +service Token { + rpc GenerateAuthAcorn (_GenerateAuthAcornRequest) returns (_GenerateAuthAcornResponse) {} +} + +message _GenerateAuthAcornRequest { + // generate a token that has an expiry + message Expires { + // how many seconds do you want the api token to be valid for? + uint32 valid_for_seconds = 1; + } + + Expires expires = 1; + + string auth_token = 2; + + permissions.Permissions permissions = 3; +} + +message _GenerateAuthAcornResponse { + // the new api key used for authentication against Momento backend + string api_key = 1; + // the Momento endpoint that this token is allowed to make requests against + string endpoint = 2; + // epoch seconds when the api token expires + uint64 valid_until = 3; + +} diff --git a/python/run-protoc.sh b/python/run-protoc.sh index 0864640..800e3de 100755 --- a/python/run-protoc.sh +++ b/python/run-protoc.sh @@ -23,7 +23,7 @@ do if [[ $python_protobuf_version == "protobuf>4" ]]; then pyi_out="--pyi_out=$src_path" fi - poetry run python -m grpc_tools.protoc -I../proto --python_out=$src_path $pyi_out --grpc_python_out=$src_path extensions.proto cacheclient.proto controlclient.proto auth.proto cachepubsub.proto vectorindex.proto + poetry run python -m grpc_tools.protoc -I../proto --python_out=$src_path $pyi_out --grpc_python_out=$src_path permissions.proto extensions.proto cacheclient.proto controlclient.proto auth.proto cachepubsub.proto vectorindex.proto token.proto # A shortcoming of the generated code is in the grpc generated code, # the protobuf imports are absolute instead of relative. diff --git a/rust/momento-protos/src/lib.rs b/rust/momento-protos/src/lib.rs index ee7032b..d469889 100644 --- a/rust/momento-protos/src/lib.rs +++ b/rust/momento-protos/src/lib.rs 
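Review bot: In `_GenerateAuthAcornRequest`, nothing states what an absent `expires` or a `valid_for_seconds` of 0 (the `uint32` default) means. For a call that issues credentials the field comment should say so, e.g. `// Required; must be greater than 0, otherwise the request is rejected.` if that is the intended contract, together with any upper bound. `auth_token = 2` and `permissions = 3` are undocumented: name which credential `auth_token` carries, and note that it and the response's `api_key` are secrets that request and response logging should redact. The comments speak of an "api token" and an "api key" while the RPC is `GenerateAuthAcorn`; one term throughout would avoid confusion. A stray blank line also sits before the closing brace of `_GenerateAuthAcornResponse`.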
@@ -1,7 +1,15 @@ +pub mod permissions { + include!("permissions.rs"); +} + pub mod auth { include!("auth.rs"); } +pub mod token { + include!("token.rs"); +} + pub mod cache_client { include!("cache_client.rs"); diff --git a/rust/proto_generator/build.rs b/rust/proto_generator/build.rs index 8c76c84..b05c17e 100644 --- a/rust/proto_generator/build.rs +++ b/rust/proto_generator/build.rs @@ -9,13 +9,18 @@ fn main() { eprintln!("workspace projects - because this project is _specifically_ supposed to not be a Cargo dependency."); eprintln!("We did this so downstream users don't need to have protoc when compiling momento-protos!"); + eprintln!("If you are finding that your builds work locally, but not in CI, then you need to manual cleanup some artifacts"); + eprintln!("Clear out the `momento-protos/src` of all protos besides lib.rs, then run `cargo clean` and `cargo build`."); + tonic_build::configure() .build_client(true) .build_server(true) .out_dir(out_dir) .compile( &[ + format!("{proto_dir}/permissions.proto"), format!("{proto_dir}/auth.proto"), + format!("{proto_dir}/token.proto"), format!("{proto_dir}/cacheclient.proto"), format!("{proto_dir}/cachepubsub.proto"), format!("{proto_dir}/controlclient.proto"),
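Review bot: The two `eprintln!` hints added to `main` in build.rs are hard to follow. "you need to manual cleanup some artifacts" is ungrammatical, and "all protos besides lib.rs" points at `momento-protos/src`, which per the `include!` lines in lib.rs holds generated `.rs` files rather than protos. Suggested wording: `eprintln!("If your builds work locally but not in CI, you need to manually clean up some generated artifacts.");` and `eprintln!("Delete every generated file in momento-protos/src except lib.rs, then run cargo clean and cargo build.");`. `main` begins before the hunk and continues past it.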