From 75a2a61054d916cb7c3f04f82b533d85a71b6e00 Mon Sep 17 00:00:00 2001
From: Chris Goller <goller@gmail.com>
Date: Thu, 26 Oct 2023 16:23:26 -0500
Subject: [PATCH] feat(oidc): add trust relationship API

Signed-off-by: Chris Goller <goller@gmail.com>
---
 proto/depot/core/v1/project.proto | 55 +++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/proto/depot/core/v1/project.proto b/proto/depot/core/v1/project.proto
index e3c5ce2..f19d4a0 100644
--- a/proto/depot/core/v1/project.proto
+++ b/proto/depot/core/v1/project.proto
@@ -18,6 +18,13 @@ service ProjectService {
 
   // Delete a project
   rpc DeleteProject(DeleteProjectRequest) returns (DeleteProjectResponse) {}
+
+  // List project's OIDC trust relationships.
+  rpc ListTrustRelationships(ListTrustRelationshipsRequest) returns (ListTrustRelationshipsResponse) {}
+  // Add an OIDC trust relationship to a project.
+  rpc AddTrustRelationship(AddTrustRelationshipRequest) returns (AddTrustRelationshipResponse) {}
+  // Remove an OIDC trust relationship from a project.
+  rpc RemoveTrustRelationship(RemoveTrustRelationshipRequest) returns (RemoveTrustRelationshipResponse) {}
 }
 
 message Project {
@@ -75,3 +82,51 @@ message CachePolicy {
   int32 keep_bytes = 1;
   int32 keep_days = 2;
 }
+
+message ListTrustRelationshipsRequest {
+  string project_id = 1;
+}
+
+message ListTrustRelationshipsResponse {
+  repeated TrustRelationship trust_relationships = 1;
+}
+
+message AddTrustRelationshipRequest {
+  string project_id = 1;
+  TrustRelationship trust_relationship = 2;
+}
+
+message AddTrustRelationshipResponse {}
+
+message RemoveTrustRelationshipRequest {
+  string project_id = 1;
+  TrustRelationship trust_relationship = 2;
+}
+
+message RemoveTrustRelationshipResponse {}
+
+message TrustRelationship {
+  oneof provider {
+    Github github = 1;
+    CircleCI circleci = 2;
+    Buildkite buildkite = 3;
+  }
+}
+
+message Github {
+  // The Github organization or user name
+  string repository_owner = 1;
+  string repository = 2;
+}
+
+message CircleCI {
+  // CircleCI organization UUID must be a valid UUID, not the friendly organization ID.
+  string organization_uuid = 1;
+  // CircleCI project UUID must be a valid UUID, not the friendly project ID
+  string project_uuid = 2;
+}
+
+message Buildkite {
+  string organization_slug = 1;
+  string pipeline_slug = 2;
+}