Add Group API

cs3/gateway/v1beta1/gateway_api.proto

@@ -34,6 +34,7 @@ import "cs3/auth/registry/v1beta1/registry_api.proto";
 import "cs3/gateway/v1beta1/resources.proto";
 import "cs3/identity/user/v1beta1/resources.proto";
 import "cs3/identity/user/v1beta1/user_api.proto";
+import "cs3/identity/group/v1beta1/group_api.proto";
 import "cs3/ocm/core/v1beta1/ocm_core_api.proto";
 import "cs3/ocm/invite/v1beta1/invite_api.proto";
 import "cs3/ocm/provider/v1beta1/provider_api.proto";
@@ -279,8 +280,21 @@ service GatewayAPI {
   // Finds users by any attribute of the user.
   // TODO(labkode): to define the filters that make more sense.
   rpc FindUsers(cs3.identity.user.v1beta1.FindUsersRequest) returns (cs3.identity.user.v1beta1.FindUsersResponse);
+  // *****************************************************************/
+  // ************************ GROUP PROVIDER **************************/
+  // *****************************************************************/
+
+  // Gets the information about a group by the group id.
+  rpc GetGroup(cs3.identity.group.v1beta1.GetGroupRequest) returns (cs3.identity.group.v1beta1.GetGroupResponse);
+  // Gets the information about a group based on a specified claim.
+  rpc GetGroupByClaim(cs3.identity.group.v1beta1.GetGroupByClaimRequest) returns (cs3.identity.group.v1beta1.GetGroupByClaimResponse);
+  // Gets the members of a group.
+  rpc GetMembers(cs3.identity.group.v1beta1.GetMembersRequest) returns (cs3.identity.group.v1beta1.GetMembersResponse);
+  // Tells if the group has a certain member.
+  rpc HasMember(cs3.identity.group.v1beta1.HasMemberRequest) returns (cs3.identity.group.v1beta1.HasMemberResponse);
+  // TODO(labkode): to define the filters that make more sense.
   // Finds groups whose names match the specified filter.
-  rpc FindGroups(cs3.identity.user.v1beta1.FindGroupsRequest) returns (cs3.identity.user.v1beta1.FindGroupsResponse);
+  rpc FindGroups(cs3.identity.group.v1beta1.FindGroupsRequest) returns (cs3.identity.group.v1beta1.FindGroupsResponse);
   // *****************************************************************/
   // ************************ AUTH REGISTRY  **************************/
   // *****************************************************************/

cs3/identity/group/v1beta1/group_api.proto

@@ -0,0 +1,176 @@
+// Copyright 2018-2019 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+syntax = "proto3";
+
+package cs3.identity.group.v1beta1;
+
+option csharp_namespace = "Cs3.Identity.Group.V1Beta1";
+option go_package = "groupv1beta1";
+option java_multiple_files = true;
+option java_outer_classname = "GroupApiProto";
+option java_package = "com.cs3.identity.group.v1beta1";
+option objc_class_prefix = "CIG";
+option php_namespace = "Cs3\\Identity\\Group\\V1Beta1";
+
+import "cs3/identity/user/v1beta1/resources.proto";
+import "cs3/identity/group/v1beta1/resources.proto";
+import "cs3/rpc/v1beta1/status.proto";
+import "cs3/types/v1beta1/types.proto";
+
+// UserProvider API.
+//
+// The UserProvider API is responsible for creating
+// a key-value map according to group groupprovider.
+//
+// The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
+// NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and
+// "OPTIONAL" in this document are to be interpreted as described in
+// RFC 2119.
+//
+// The following are global requirements that apply to all methods:
+// Any method MUST return CODE_OK on a succesful operation.
+// Any method MAY return NOT_IMPLEMENTED.
+// Any method MAY return INTERNAL.
+// Any method MAY return UNKNOWN.
+// Any method MAY return UNAUTHENTICATED.
+
+// Provides an API for managing groups.
+service GroupAPI {
+  // Gets the information about a group by the group id.
+  rpc GetGroup(GetGroupRequest) returns (GetGroupResponse);
+  // Gets the information about a group based on a specified claim.
+  rpc GetGroupByClaim(GetGroupByClaimRequest) returns (GetGroupByClaimResponse);
+  // Gets the members of a group.
+  rpc GetMembers(GetMembersRequest) returns (GetMembersResponse);
+  // Tells if the group has certain member.
+  rpc HasMember(HasMemberRequest) returns (HasMemberResponse);
+  // Finds groups whose names match the specified filter.
+  rpc FindGroups(FindGroupsRequest) returns (FindGroupsResponse);
+}
+
+message GetGroupRequest {
+  // OPTIONAL.
+  // Opaque information.
+  cs3.types.v1beta1.Opaque opaque = 1;
+  // REQUIRED.
+  // The id of the group.
+  cs3.identity.group.v1beta1.GroupId group_id = 2;
+}
+
+message GetGroupResponse {
+  // REQUIRED.
+  // The response status.
+  cs3.rpc.v1beta1.Status status = 1;
+  // OPTIONAL.
+  // Opaque information.
+  cs3.types.v1beta1.Opaque opaque = 2;
+  // REQUIRED.
+  // The group information.
+  Group group = 3;
+}
+
+message GetGroupByClaimRequest {
+  // OPTIONAL.
+  // Opaque information.
+  cs3.types.v1beta1.Opaque opaque = 1;
+  // REQUIRED.
+  // The claim on the basis of which groups will be filtered.
+  string claim = 2;
+  // REQUIRED.
+  // The value of the claim to find the specific group.
+  string value = 3;
+}
+
+message GetGroupByClaimResponse {
+  // REQUIRED.
+  // The response status.
+  cs3.rpc.v1beta1.Status status = 1;
+  // OPTIONAL.
+  // Opaque information.
+  cs3.types.v1beta1.Opaque opaque = 2;
+  // REQUIRED.
+  // The group information.
+  Group group = 3;
+}
+
+message GetMembersRequest {
+  // OPTIONAL.
+  // Opaque information.
+  cs3.types.v1beta1.Opaque opaque = 1;
+  // REQUIRED.
+  // The id of the group.
+  cs3.identity.group.v1beta1.GroupId group_id = 2;
+}
+
+message GetMembersResponse {
+  // REQUIRED.
+  // The response status.
+  cs3.rpc.v1beta1.Status status = 1;
+  // OPTIONAL.
+  // Opaque information.
+  cs3.types.v1beta1.Opaque opaque = 2;
+  // REQUIRED.
+  // The members of the group.
+  repeated cs3.identity.user.v1beta1.UserId members = 3;
+}
+
+message HasMemberRequest {
+  // OPTIONAL.
+  // Opaque information.
+  cs3.types.v1beta1.Opaque opaque = 1;
+  // REQUIRED.
+  // The id of the group.
+  cs3.identity.group.v1beta1.GroupId group_id = 2;
+  // REQUIRED.
+  // The id of the user to check.
+  cs3.identity.user.v1beta1.UserId user_id = 3;
+}
+
+message HasMemberResponse {
+  // REQUIRED.
+  // The response status.
+  cs3.rpc.v1beta1.Status status = 1;
+  // OPTIONAL.
+  // Opaque information.
+  cs3.types.v1beta1.Opaque opaque = 2;
+  // REQUIRED.
+  // Tells if the user belongs to the group.
+  bool ok = 3;
+}
+
+message FindGroupsRequest {
+  // OPTIONAL.
+  // Opaque information.
+  cs3.types.v1beta1.Opaque opaque = 1;
+  // REQUIRED.
+  // The filter to apply.
+  string filter = 2;
+}
+
+message FindGroupsResponse {
+  // REQUIRED.
+  // The response status.
+  cs3.rpc.v1beta1.Status status = 1;
+  // OPTIONAL.
+  // Opaque information.
+  cs3.types.v1beta1.Opaque opaque = 2;
+  // REQUIRED.
+  // The groups matching the specified filter.
+  repeated Group groups = 3;
+}

cs3/identity/group/v1beta1/resources.proto

@@ -0,0 +1,55 @@
+// Copyright 2018-2019 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+syntax = "proto3";
+
+package cs3.identity.group.v1beta1;
+
+option csharp_namespace = "Cs3.Identity.Group.V1Beta1";
+option go_package = "groupv1beta1";
+option java_multiple_files = true;
+option java_outer_classname = "ResourcesProto";
+option java_package = "com.cs3.identity.group.v1beta1";
+option objc_class_prefix = "CIG";
+option php_namespace = "Cs3\\Identity\\Group\\V1Beta1";
+
+import "cs3/identity/user/v1beta1/resources.proto";
+import "cs3/types/v1beta1/types.proto";
+
+// A GroupId represents a group.
+message GroupId {
+  // REQUIRED.
+  // The identity provider for the group.
+  string idp = 1;
+  // REQUIRED.
+  // the unique identifier for the group in the scope of
+  // the identity provider.
+  string opaque_id = 2;
+}
+
+// Represents a group of the system.
+message Group {
+  GroupId id = 1;
+  string group_name = 2;
+  int64 gid_number = 3;
+  string mail = 4;
+  bool mail_verified = 5;
+  string display_name = 6;
+  repeated cs3.identity.user.v1beta1.UserId members = 7;
+  cs3.types.v1beta1.Opaque opaque = 8;
+}

cs3/identity/user/v1beta1/resources.proto

@@ -50,4 +50,6 @@ message User {
   string display_name = 5;
   repeated string groups = 6;
   cs3.types.v1beta1.Opaque opaque = 7;
+  int64 uid_number = 8;
+  int64 gid_number = 9;
 }

cs3/identity/user/v1beta1/user_api.proto

@@ -29,6 +29,7 @@ option objc_class_prefix = "CIU";
 option php_namespace = "Cs3\\Identity\\User\\V1Beta1";
 
 import "cs3/identity/user/v1beta1/resources.proto";
+import "cs3/identity/group/v1beta1/resources.proto";
 import "cs3/rpc/v1beta1/status.proto";
 import "cs3/types/v1beta1/types.proto";
 
@@ -62,8 +63,6 @@ service UserAPI {
   // Finds users by any attribute of the user.
   // TODO(labkode): to define the filters that make more sense.
   rpc FindUsers(FindUsersRequest) returns (FindUsersResponse);
-  // Finds groups whose names match the specified filter.
-  rpc FindGroups(FindGroupsRequest) returns (FindGroupsResponse);
 }
 
 message GetUserRequest {
@@ -140,8 +139,8 @@ message IsInGroupRequest {
   // The id of the user.
   cs3.identity.user.v1beta1.UserId user_id = 2;
   // REQUIRED.
-  // The group to check.
-  string group = 3;
+  // The id of the group to check.
+  cs3.identity.group.v1beta1.GroupId group_id = 3;
 }
 
 message IsInGroupResponse {
@@ -177,23 +176,3 @@ message FindUsersResponse {
   repeated User users = 3;
 }
 
-message FindGroupsRequest {
-  // OPTIONAL.
-  // Opaque information.
-  cs3.types.v1beta1.Opaque opaque = 1;
-  // REQUIRED.
-  // The filter to apply.
-  string filter = 2;
-}
-
-message FindGroupsResponse {
-  // REQUIRED.
-  // The response status.
-  cs3.rpc.v1beta1.Status status = 1;
-  // OPTIONAL.
-  // Opaque information.
-  cs3.types.v1beta1.Opaque opaque = 2;
-  // REQUIRED.
-  // The groups matching the specified filter.
-  repeated string groups = 3;
-}