syntax = "proto3";

package inlinev1beta1;

option go_package = "github.com/grafana/grafana/apps/secret/inline/v1beta1;inlinev1beta1";

message ObjectReference {
    // APIGroup is the name of the API group that contains the referred object.
    // The empty string represents the core API group.
    string api_group = 1;

    // APIVersion is the version of the API group that contains the referred object.
    string api_version = 2;

    // See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds
    string kind = 3;

    // Tenant isolation
    string namespace = 4;

    // Explicit resource identifier
    string name = 5;
}

message CanReferenceRequest {
    // Owner reference.
    ObjectReference owner = 1;
 
    // Secure value names to check.
    repeated string names = 2; 
}

message CanReferenceResponse {}

message CreateInlineRequest {
    // Owner reference.
    ObjectReference owner = 1;

    // Raw secret value.
    string value = 2;
}

message CreateInlineResponse {
    // The name of the created secure value.
    string name = 1;
}

message DeleteWhenOwnedByResourceRequest {
    // Owner reference.
    ObjectReference owner = 1;

    // Name of the secure values to delete.
    repeated string names = 2; 
}

message DeleteWhenOwnedByResourceResponse {}

service InlineSecureValueService {
    // Check that the request user can reference a secret in the context of a given resource (owner)
    rpc CanReference(CanReferenceRequest) returns (CanReferenceResponse);

    // CreateInline creates a secret that is owned by the referenced object. Returns the name of the created secret or an error
    rpc CreateInline(CreateInlineRequest) returns (CreateInlineResponse);

    // DeleteWhenOwnedByResource removes secrets if and only if they are owned by a referenced object
    rpc DeleteWhenOwnedByResource(DeleteWhenOwnedByResourceRequest) returns (DeleteWhenOwnedByResourceResponse);
}