release/serviceaccount.v1: Publish the API

Change-Id: I0a99b5f8dfba46d30abeaeb4e911cb7c996c8eac

arista/serviceaccount.v1/serviceaccount-changelog.yaml

@@ -0,0 +1,33 @@
+# Copyright (c) 2023 Arista Networks, Inc. All rights reserved.
+# Use of this source code is governed by the Apache License 2.0
+# that can be found in the COPYING file.
+
+# Add a short description of each model change here.
+# New entries go on top.
+
+Changes:
+    - date: 2023-12-06
+      description: Update documentation and publish the API
+      version: 1.2.1
+      cvaas: true
+      onprem: true
+
+    - date: 2020-06-22
+      description: Drop Status suffix from state
+      version: 1.2.0
+
+    - date: 2020-05-11
+      description: Add model for accounts
+      version: 1.1.0
+
+    - date: 2020-05-06
+      description: set fmp.require_set_key to false
+      version: 1.0.2
+
+    - date: 2020-04-10
+      description: changed Go package name to a versionless one
+      version: 1.0.1
+
+    - date: 2020-04-10
+      description: Initial revision
+      version: 1.0.0

arista/serviceaccount.v1/serviceaccount.proto

@@ -0,0 +1,106 @@
+// Copyright (c) 2023 Arista Networks, Inc.  All rights reserved.
+// Use of this source code is governed by the Apache License 2.0
+// that can be found in the COPYING file.
+
+syntax = "proto3";
+
+package arista.serviceaccount.v1;
+
+option go_package = "arista/resources/arista/serviceaccount.v1;serviceaccount";
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/timestamp.proto";
+import "google/protobuf/wrappers.proto";
+
+import "fmp/extensions.proto";
+import "fmp/wrappers.proto";
+
+// AccountKey contains the name of the service account.
+message AccountKey {
+    option (fmp.model_key) = true;
+    // name is the unique identifier of the service account.
+    google.protobuf.StringValue name = 1;
+}
+
+// AccountStatus determines whether an service account is enabled or disabled.
+enum AccountStatus {
+    // ACCOUNT_STATUS_UNSPECIFIED indicates the service account status is unspecified.
+    ACCOUNT_STATUS_UNSPECIFIED = 0;
+    // ACCOUNT_STATUS_ENABLED indicates the service account is enabled.
+    ACCOUNT_STATUS_ENABLED = 1;
+    // ACCOUNT_STATUS_DISABLED indicates the service account is disabled.
+    ACCOUNT_STATUS_DISABLED = 2;
+}
+
+// AccountConfig holds the configuration for a service account.
+message AccountConfig {
+    option (fmp.model) = "rw";
+    // key contains the name of the service account.
+    AccountKey key = 1;
+    // status determines if the service account is enabled or disabled. New service accounts are
+    // enabled by default.
+    AccountStatus status = 2;
+    // description is a comment describing the service account.
+    google.protobuf.StringValue description = 3;
+    // groups is a list of roles that the service account inherits permissions from.
+    fmp.RepeatedString groups = 4;
+}
+
+// Account describes a service account.
+message Account {
+    option (fmp.model) = "ro";
+    // key uniquely identifies the service account.
+    AccountKey key = 1;
+    // status determines whether the service account is enabled or disabled.
+    AccountStatus status = 2;
+    // description is a comment describing the service account.
+    google.protobuf.StringValue description = 3;
+    // groups is a list of roles that the service account inherits permissions from.
+    fmp.RepeatedString groups = 4;
+    // created_by is the name of the entity that created the service account.
+    google.protobuf.StringValue created_by = 5;
+    // last_access is the time when the service account was last fetched.
+    google.protobuf.Timestamp last_access = 6;
+}
+
+// TokenKey contains service account token ID.
+message TokenKey {
+    option (fmp.model_key) = true;
+    // id is the unique identifier of the service account token.
+    google.protobuf.StringValue id = 1;
+}
+
+// TokenConfig holds the configuration for a service account token. The token is a signed JWT which
+// can be used as a credential for REST and WRPC endpoints.
+message TokenConfig {
+    option (fmp.model) = "rw";
+    option (fmp.require_set_key) = false;
+    // key uniquely identifies the service account token.
+    TokenKey key = 1;
+    // user is the name of the service account that the token is generated for.
+    google.protobuf.StringValue user = 2;
+    // description is a short name or comment used to identify the service account token.
+    google.protobuf.StringValue description = 3;
+    // valid_for determines the duration that the service account token will be valid for.
+    google.protobuf.Duration valid_for = 4;
+    // token is the JWT token generated for a service account token.
+    // It is only populated in Set response.
+    google.protobuf.StringValue token = 5;
+}
+
+// Token describes a service account token.
+message Token {
+    option (fmp.model) = "ro";
+    // key uniquely identifies the service account token.
+    TokenKey key = 1;
+    // user is the name of the service account that the token is generated for.
+    google.protobuf.StringValue user = 2;
+    // description is a short name or comment used to identify the service account token.
+    google.protobuf.StringValue description = 3;
+    // valid_until is the time that the service account token will be valid until.
+    google.protobuf.Timestamp valid_until = 4;
+    // created_by is the name of the entity that created the service account token.
+    google.protobuf.StringValue created_by = 5;
+    // last_used is the time when the service account token was last used to authenticate.
+    google.protobuf.Timestamp last_used = 6;
+}