Updating the spec document

Author: mukhoakash

spec.md

@@ -182,24 +182,24 @@ extend google.protobuf.ServiceOptions {
 service Identity {
     // This call is meant to retrieve the unique provisioner Identity.
     // This identity will have to be set in BucketRequest.Provisioner field in order to invoke this specific provisioner.
-    rpc ProvisionerGetInfo (ProvisionerGetInfoRequest) returns (ProvisionerGetInfoResponse) {}
+    rpc DriverGetInfo (DriverGetInfoRequest) returns (DriverGetInfoResponse) {}
 }
 
 service Provisioner {
     // This call is made to create the bucket in the backend.
     // This call is idempotent
     //    1. If a bucket that matches both name and parameters already exists, then OK (success) must be returned.
     //    2. If a bucket by same name, but different parameters is provided, then the appropriate error code ALREADY_EXISTS must be returned.
-    rpc ProvisionerCreateBucket (ProvisionerCreateBucketRequest) returns (ProvisionerCreateBucketResponse) {}
+    rpc DriverCreateBucket (DriverCreateBucketRequest) returns (DriverCreateBucketResponse) {}
     // This call is made to delete the bucket in the backend.
     // If the bucket has already been deleted, then no error should be returned.
-    rpc ProvisionerDeleteBucket (ProvisionerDeleteBucketRequest) returns (ProvisionerDeleteBucketResponse) {}
+    rpc DriverDeleteBucket (DriverDeleteBucketRequest) returns (DriverDeleteBucketResponse) {}
 
     // This call grants access to an account. The account_name in the request shall be used as a unique identifier to create credentials.
-    // The account_id returned in the response will be used as the unique identifier for deleting this access when calling ProvisionerRevokeBucketAccess.
-    rpc ProvisionerGrantBucketAccess (ProvisionerGrantBucketAccessRequest) returns (ProvisionerGrantBucketAccessResponse);
+    // The account_id returned in the response will be used as the unique identifier for deleting this access when calling DriverRevokeBucketAccess.
+    rpc DriverGrantBucketAccess (DriverGrantBucketAccessRequest) returns (DriverGrantBucketAccessResponse);
     // This call revokes all access to a particular bucket from a principal.
-    rpc ProvisionerRevokeBucketAccess (ProvisionerRevokeBucketAccessRequest) returns (ProvisionerRevokeBucketAccessResponse);
+    rpc DriverRevokeBucketAccess (DriverRevokeBucketAccessRequest) returns (DriverRevokeBucketAccessResponse);
 }
 
 // S3SignatureVersion is the version of the signing algorithm for all s3 requests
@@ -223,6 +223,14 @@ enum AnonymousBucketAccessMode {
     ReadWrite = 4;
 }
 
+enum AuthenticationType {
+    UnknownAuthenticationType = 0;
+    // Default, KEY based authentication.
+    Key = 1;
+    // Storageaccount based authentication.
+    IAM = 2;
+}
+
 message S3 {
     // region denotes the geographical region where the S3 server is running
     string region = 1;
@@ -252,11 +260,11 @@ message Protocol {
     }
 }
 
-message ProvisionerGetInfoRequest {
+message DriverGetInfoRequest {
     // Intentionally left blank
 }
 
-message ProvisionerGetInfoResponse {    
+message DriverGetInfoResponse {
     // This field is REQUIRED
     // The name MUST follow domain name notation format
     // (https://tools.ietf.org/html/rfc1035#section-2.3.1). It SHOULD
@@ -268,72 +276,71 @@ message ProvisionerGetInfoResponse {
     string name = 1;
 }
 
-message ProvisionerCreateBucketRequest {    
+message DriverCreateBucketRequest {    
     // This field is REQUIRED
     // name specifies the name of the bucket that should be created.
     string name = 1;
 
-    // This field is REQUIRED
-    // Protocol specific information required by the call is passed in as key,value pairs.
-    Protocol protocol = 2;
-
     // This field is OPTIONAL
     // The caller should treat the values in parameters as opaque. 
     // The receiver is responsible for parsing and validating the values.
-    map<string,string> parameters = 3;
+    map<string,string> parameters = 2;
 }
 
-message ProvisionerCreateBucketResponse {
+message DriverCreateBucketResponse {
     // bucket_id returned here is expected to be the globally unique 
-    // identifier for the bucket in the object storage provider 
+    // identifier for the bucket in the object storage provider.
     string bucket_id = 1;
+
+    // bucket_info returned here stores the data specific to the
+    // bucket required by the object storage provider to connect to the bucket.
+    Protocol bucket_info = 2;
 }
 
-message ProvisionerDeleteBucketRequest {
+message DriverDeleteBucketRequest {
     // This field is REQUIRED
     // bucket_id is a globally unique identifier for the bucket
     // in the object storage provider 
     string bucket_id = 1;
 }
 
-message ProvisionerDeleteBucketResponse {
+message DriverDeleteBucketResponse {
     // Intentionally left blank
 }
 
-message ProvisionerGrantBucketAccessRequest {
+message DriverGrantBucketAccessRequest {
     // This field is REQUIRED
     // bucket_id is a globally unique identifier for the bucket
     // in the object storage provider 
     string bucket_id = 1;
 
     // This field is REQUIRED
-    // account_name is a identifier for object storage provider 
-    // to ensure that multiple requests for the same account
-    // result in only one access token being created
-    string account_name = 2;
+    // name field is used to define the name of the bucket access object.
+    string name = 2;
 
     // This field is REQUIRED
-    // Requested Access policy, ex: {"Effect":"Allow","Action":"s3:PutObject","Resource":"arn:aws:s3:::profilepics/*"}
-    string access_policy = 3;
+    // Requested authentication type for the bucket access.
+    // Supported authentication types are KEY or IAM.
+    AuthenticationType authentication_type = 3;
 
     // This field is OPTIONAL
     // The caller should treat the values in parameters as opaque. 
     // The receiver is responsible for parsing and validating the values.
     map<string,string> parameters = 4;
 }
 
-message ProvisionerGrantBucketAccessResponse {
-    // This field is OPTIONAL
+message DriverGrantBucketAccessResponse {
+    // This field is REQUIRED
     // This is the account_id that is being provided access. This will
     // be required later to revoke access. 
     string account_id = 1;
 
-    // This field is OPTIONAL
+    // This field is REQUIRED
     // Credentials supplied for accessing the bucket ex: aws access key id and secret, etc.
     string credentials = 2;
 }
 
-message ProvisionerRevokeBucketAccessRequest {
+message DriverRevokeBucketAccessRequest {
     // This field is REQUIRED
     // bucket_id is a globally unique identifier for the bucket
     // in the object storage provider.
@@ -344,7 +351,7 @@ message ProvisionerRevokeBucketAccessRequest {
     string account_id = 2;
 }
 
-message ProvisionerRevokeBucketAccessResponse {
+message DriverRevokeBucketAccessResponse {
     // Intentionally left blank
 }
 
@@ -423,19 +430,14 @@ The general flow of the success case MAY be as follows (protos illustrated in YA
    request:
    response:
       name: org.foo.whizbang.super-plugin
-      version: blue-green
-      manifest:
-        baz: qaz
 ```
 ```
-message ProvisionerGetInfoRequest {
+message DriverGetInfoRequest {
     // Intentionally left blank
 }
 
-message ProvisionerGetInfoResponse {    
+message DriverGetInfoResponse {
     string name = 1;
-    string version = 2;
-    map<string,string> manifest = 3;
 }
 ```