Cloud API: Nexus Incoming/Outgoing Service Definitions #16
Conversation
mastermanu
changed the title
| // Filter incoming services by the namespace they route to - optional. | ||
| string namespace = 3; | ||
|
|
||
| // Filter incoming services by the task queue they route to - optional. |
There was a problem hiding this comment.
nit: Do we really need to support filtering with task_queue? Can't think of a usecase.
There was a problem hiding this comment.
spoke offline, we think this is useful to have this filter here
|
|
||
| // The set of authorization policies for the service. Each request's caller | ||
| // must match with at least one of the specs to be accepted by the incoming service | ||
| repeated IncomingServiceAuthorizationSpec authorization_spec = 4; |
There was a problem hiding this comment.
Does the ordering of these specs mean anything? If yes, we need to make sure we can retrieve the same ordering that the user provides.
| CloudIncomingServiceSpec cloud_incoming_service_spec = 2; | ||
| } | ||
|
|
||
| message CloudIncomingServiceSpec { |
There was a problem hiding this comment.
| message CloudIncomingServiceSpec { | |
| message TargetCloudIncomingServiceSpec { |
Otherwise its very confusing with the IncomingServiceSpec that we already have.
|
|
||
| // The current state of the service. | ||
| // Possible values: activating, activationfailed, active, updating, updatefailed, deleting, deletefailed, deleted | ||
| // For any failed state, reach out to Temporal Cloud support for remediation. |
There was a problem hiding this comment.
mention eventual consistency here?
mastermanu
requested review from
MichaelSnowden,
sergeybykov and
cretz
and removed request for
sergeybykov
| @@ -229,3 +230,187 @@ message GetRegionResponse { | |||
| // The temporal cloud region. | |||
| temporal.api.cloud.region.v1.Region region = 1; | |||
| } | |||
|
|
|||
| message GetIncomingServicesRequest { | |||
There was a problem hiding this comment.
Wonder why not call this "list" instead of "get", I find this confusing but I figure it's consistent with other cloud APIs.
There was a problem hiding this comment.
Please mention if these are AND or OR filters in the comment for this message.
There was a problem hiding this comment.
yeah the list vs get is for consistency with existing cloud apis. could have been list.
these are AND filters. will update comments
|
|
||
| message GetIncomingServiceRequest { | ||
| // The id of the incoming service to get | ||
| string incoming_service_id = 1; |
There was a problem hiding this comment.
nit: can we just call this id? it's already in the context of an GetIncomingServiceRequest.
There was a problem hiding this comment.
we can. I was trying to be consistent with this one: https://github.com/temporalio/api-cloud/blob/main/temporal/api/cloud/cloudservice/v1/request_response.proto#L33 but I definitely wish that used id
will leave as-is for now unless there is strong feeling about it
| string next_page_token = 2; | ||
| } | ||
|
|
||
| message GetIncomingServiceRequest { |
There was a problem hiding this comment.
| message GetIncomingServiceRequest { | |
| message GetIncomingServiceByIdRequest { |
Just in case we want to add a "by name" request?
The list approach is also fine, just a bit harder to use IMHO.
There was a problem hiding this comment.
Can it simply be 'GetIncomingServiceRequest' and if/when we add by name, we'd add 'GetIncomingServiceByNameRequest'? Or is this against a convention for the 'ById' suffix we already use? I see that in
we named a similar message 'GetUserRequest' even though it takes a user ID.There was a problem hiding this comment.
agreeing with sergey here. am inclined towards leaving this as is for now (e.g. GetIncomingServiceRequest) just to be consistent with existing cloud user apis
the weirdness is that when we translate this to HTTP path, we would end up creating a different path at that time probably, but not the end of the world if we have to introduce that
| // The name of the outgoing service to filter on - optional. Specifying this will result in zero or one results. | ||
| string name = 4; |
There was a problem hiding this comment.
Not really useful as a filter, this is basically a Get request.
There was a problem hiding this comment.
right, this is what we did for our Users api (users have a static id, but you call GetUsersRequset and can supply an email address), so this is just an attempt to stay consistent.
There was a problem hiding this comment.
@anekkanti - thoughts? we basically followed the users model, which relies on this
| // Gets all known incoming services | ||
| rpc GetIncomingServices(GetIncomingServicesRequest) returns (GetIncomingServicesResponse) { | ||
| option (google.api.http) = { | ||
| get: "/api/v1/nexus/incomingservices", |
There was a problem hiding this comment.
Can we add a /by-id or /id suffix to this URL just in case we want to allow looking up by name eventually?
There was a problem hiding this comment.
since I am following what we do for users, I've kept the same format (which doesn't have by-id or id either..). @anekkanti , thoughts?
There was a problem hiding this comment.
I think for the default behavior (by ID) we don't need to add a suffix.
There was a problem hiding this comment.
yes, am inclined to leave as-is as well. can always add suffix later if needed
| message IncomingServiceAuthorizationSpec { | ||
| // The policy set on this incoming service authorization spec. | ||
| // Possible values are: allowed_cloud_namespace | ||
| string policy_type = 1; |
There was a problem hiding this comment.
Why not make this an enum, I'm curious?
There was a problem hiding this comment.
@anekkanti can comment here. We appear to have stayed away from enums elsewhere (and are using strings instead), so this is just being consistent with the existing cloud APIs
| // The name of the outgoing service. Must be unique within the namespace. | ||
| // The name must match `[a-zA-Z_][a-zA-Z0-9_]*`. | ||
| // This name is immutable. | ||
| string name = 1; |
There was a problem hiding this comment.
This is the identifier, doesn't belong in the spec AFAICT.
There was a problem hiding this comment.
that seems to be what we have done for namespace and for outgoing service. it is a property a user can set (albeit only on create), so we happened to put it on spec. can try and move it off, but it does create some inconsistency with the other cloud apis
| // The namespace this outgoing service is attached to. | ||
| string namespace = 2; |
There was a problem hiding this comment.
Should this be = 1? It's essentially the first part of the identifier.
There was a problem hiding this comment.
good point. reordered
| string next_page_token = 2; | ||
| } | ||
|
|
||
| message GetIncomingServiceRequest { |
There was a problem hiding this comment.
Can it simply be 'GetIncomingServiceRequest' and if/when we add by name, we'd add 'GetIncomingServiceByNameRequest'? Or is this against a convention for the 'ById' suffix we already use? I see that in
we named a similar message 'GetUserRequest' even though it takes a user ID.| // Gets all known incoming services | ||
| rpc GetIncomingServices(GetIncomingServicesRequest) returns (GetIncomingServicesResponse) { | ||
| option (google.api.http) = { | ||
| get: "/api/v1/nexus/incomingservices", |
There was a problem hiding this comment.
I think for the default behavior (by ID) we don't need to add a suffix.
mastermanu
changed the title
| google.protobuf.Timestamp created_time = 6; | ||
|
|
||
| // The date and time when the service was last modified. | ||
| // Will not be set if the service has never been modified. |
There was a problem hiding this comment.
Curious why not default this to created_time? Is this for consistency with other APIs?
There was a problem hiding this comment.
yeah, this is just for consistency. could have definitely been defaulted to created_time here
…ming_service_draft_nexus
| // The set of authorization policies for the service. Each request's caller | ||
| // must match with at least one of the specs to be accepted by the incoming service. | ||
| repeated IncomingServiceAuthorizationSpec authorization_specs = 4; |
There was a problem hiding this comment.
I think maybe instead of auth spec, we might want to have a general message to also add limits (rate, concurrency, etc..) and other properties for every caller (only namespaces for now).
|
abandoning as there is replacement PR |
No description provided.