Store API Reference
store/v1/object.proto
Object
Object is a generic data structure that can hold arbitrary data. It is used to store and associate objects in a content-addressable store.
| Field | Type | Label | Description |
|---|---|---|---|
| cid | string | Globally-unique content identifier of the object. Encodes fully-qualified type of the object as part of "codec". Specs: https://github.com/multiformats/cid | |
| type | ObjectType | Type of the object. Can be extracted from CID. | |
| annotations | Object.AnnotationsEntry | repeated | Metadata associated with the object. |
| created_at | string | Creation timestamp of the object in the RFC3339 format. Specs: https://www.rfc-editor.org/rfc/rfc3339.html | |
| size | uint64 | Size of the object in bytes. | |
| data | bytes | optional | Opaque data held by this object. Clients can use {type} to handle processing. |
Object.AnnotationsEntry
| Field | Type | Label | Description |
|---|---|---|---|
| key | string | ||
| value | string |
ObjectRef
Reference to a content-addressable object.
| Field | Type | Label | Description |
|---|---|---|---|
| cid | string | Globally-unique content identifier (CID) of the object. Specs: https://github.com/multiformats/cid |
ObjectType
Defines a list of supported object data types. Some values may be reserved for future use. These types are used as a "codec" in the CID.
| Name | Number | Description |
|---|---|---|
| OBJECT_TYPE_UNSPECIFIED | 0 | invalid type, should not be used |
| OBJECT_TYPE_RAW | 1 | Common Object Types |
store/v1/store_service.proto
PullOptions
PullOptions specifies which artifacts to include in pull operations.
| Field | Type | Label | Description |
|---|---|---|---|
| include_signature | bool | Signature to be included |
PullWithOptionsRequest
PullWithOptionsRequest specifies which record and artifacts to retrieve.
| Field | Type | Label | Description |
|---|---|---|---|
| record_ref | core.v1.RecordRef | Reference to the record to retrieve | |
| options | PullOptions | Pull options specifying which artifacts to include |
PullWithOptionsResponse
PullWithOptionsResponse contains a record and its associated artifacts.
| Field | Type | Label | Description |
|---|---|---|---|
| record | core.v1.Record | Stored record | |
| signature | sign.v1.Signature | optional | Associated signature, if requested and available |
PushOptions
PushOptions contains optional artifacts for push operations.
| Field | Type | Label | Description |
|---|---|---|---|
| signature | sign.v1.Signature | optional | Optional signature to be stored as separate manifest |
PushWithOptionsRequest
PushWithOptionsRequest represents a record with optional OCI artifacts for push operations.
| Field | Type | Label | Description |
|---|---|---|---|
| record | core.v1.Record | Record to be stored | |
| options | PushOptions | Push options containing optional artifacts |
PushWithOptionsResponse
PushWithOptionsResponse is returned after successfully storing a record with options.
| Field | Type | Label | Description |
|---|---|---|---|
| record_ref | core.v1.RecordRef | Reference to the stored record |
StoreService
Defines an interface for content-addressable storage service for objects.
Max object size: 4MB (to fully fit in a single request) Max metadata size: 100KB
Store service can be implemented by various storage backends, such as local file system, OCI registry, etc.
Middleware should be used to control who can perform these RPCs. Policies for the middleware can be handled via separate service.
Each operation is performed sequentially, meaning that for the N-th request, N-th response will be returned. If an error occurs, the stream will be cancelled.
| Method Name | Request Type | Response Type | Description |
|---|---|---|---|
| Push | .core.v1.Record stream | .core.v1.RecordRef stream | Push performs write operation for given records. |
| Pull | .core.v1.RecordRef stream | .core.v1.Record stream | Pull performs read operation for given records. |
| Lookup | .core.v1.RecordRef stream | .core.v1.RecordMeta stream | Lookup resolves basic metadata for the records. |
| Delete | .core.v1.RecordRef stream | .google.protobuf.Empty | Remove performs delete operation for the records. |
| PushWithOptions | PushWithOptionsRequest stream | PushWithOptionsResponse stream | PushWithOptions performs write operation for records with optional OCI artifacts like signatures. |
| PullWithOptions | PullWithOptionsRequest stream | PullWithOptionsResponse stream | PullWithOptions retrieves records along with their associated OCI artifacts. |
store/v1/sync_service.proto
BasicAuthCredentials
Supporting credential type definitions
| Field | Type | Label | Description |
|---|---|---|---|
| username | string | ||
| password | string |
CreateSyncRequest
CreateSyncRequest defines the parameters for creating a new synchronization operation.
Currently supports basic synchronization of all objects from a remote Directory. Future versions may include additional options for filtering and scheduling capabilities.
| Field | Type | Label | Description |
|---|---|---|---|
| remote_directory_url | string | URL of the remote Registry to synchronize from. |
This should be a complete URL including protocol and port if non-standard. Examples: - "https://directory.example.com" - "http://localhost:8080" - "https://directory.example.com:9443" |
CreateSyncResponse
CreateSyncResponse contains the result of creating a new synchronization operation.
| Field | Type | Label | Description |
|---|---|---|---|
| sync_id | string | Unique identifier for the created synchronization operation. This ID can be used with other SyncService RPCs to monitor and manage the sync. |
DeleteSyncRequest
DeleteSyncRequest specifies which synchronization to delete.
| Field | Type | Label | Description |
|---|---|---|---|
| sync_id | string | Unique identifier of the synchronization operation to delete. |
DeleteSyncResponse
DeleteSyncResponse
GetSyncRequest
GetSyncRequest specifies which synchronization status to retrieve.
| Field | Type | Label | Description |
|---|---|---|---|
| sync_id | string | Unique identifier of the synchronization operation to query. |
GetSyncResponse
GetSyncResponse provides detailed information about a specific synchronization operation.
| Field | Type | Label | Description |
|---|---|---|---|
| sync_id | string | Unique identifier of the synchronization operation. | |
| status | SyncStatus | Current status of the synchronization operation. | |
| remote_directory_url | string | URL of the remote Directory node being synchronized from. | |
| created_time | string | Timestamp when the synchronization operation was created in the RFC3339 format. Specs: https://www.rfc-editor.org/rfc/rfc3339.html | |
| last_update_time | string | Timestamp of the most recent status update for this synchronization in the RFC3339 format. |
ListSyncsItem
ListSyncItem represents a single synchronization in the list of all syncs.
| Field | Type | Label | Description |
|---|---|---|---|
| sync_id | string | Unique identifier of the synchronization operation. | |
| status | SyncStatus | Current status of the synchronization operation. | |
| remote_directory_url | string | URL of the remote Directory being synchronized from. |
ListSyncsRequest
ListSyncsRequest specifies parameters for listing synchronization operations.
| Field | Type | Label | Description |
|---|---|---|---|
| limit | uint32 | optional | Optional limit on the number of results to return. |
| offset | uint32 | optional | Optional offset for pagination of results. |
RequestRegistryCredentialsRequest
| Field | Type | Label | Description |
|---|---|---|---|
| requesting_node_id | string | Identity of the requesting node For example: spiffe://example.org/service/foo |
RequestRegistryCredentialsResponse
| Field | Type | Label | Description |
|---|---|---|---|
| success | bool | Success status of the credential negotiation | |
| error_message | string | Error message if negotiation failed | |
| remote_registry_url | string | URL of the remote Registry being synchronized from. | |
| basic_auth | BasicAuthCredentials | CertificateCredentials certificate = 5; |
SyncStatus
SyncStatus enumeration defines the possible states of a synchronization operation.
| Name | Number | Description |
|---|---|---|
| SYNC_STATUS_UNSPECIFIED | 0 | Default/unset status - should not be used in practice |
| SYNC_STATUS_PENDING | 1 | Sync operation has been created but not yet started |
| SYNC_STATUS_IN_PROGRESS | 2 | Sync operation is actively discovering and transferring objects |
| SYNC_STATUS_FAILED | 3 | Sync operation encountered an error and stopped |
| SYNC_STATUS_DELETE_PENDING | 4 | Sync operation has been marked for deletion but cleanup not yet started |
| SYNC_STATUS_DELETED | 5 | Sync operation has been successfully deleted and cleaned up |
SyncService
SyncService provides functionality for synchronizing objects between Directory nodes.
This service enables one-way synchronization from a remote Directory node to the local node, allowing distributed Directory instances to share and replicate objects. The service supports both on-demand synchronization and tracking of sync operations through their lifecycle.
| Method Name | Request Type | Response Type | Description |
|---|---|---|---|
| CreateSync | CreateSyncRequest | CreateSyncResponse | CreateSync initiates a new synchronization operation from a remote Directory node. |
The operation is non-blocking and returns immediately with a sync ID that can be used to track progress and manage the sync operation. | | ListSyncs | ListSyncsRequest | ListSyncsItem stream | ListSyncs returns a stream of all sync operations known to the system.
This includes active, completed, and failed synchronizations. | | GetSync | GetSyncRequest | GetSyncResponse | GetSync retrieves detailed status information for a specific synchronization. | | DeleteSync | DeleteSyncRequest | DeleteSyncResponse | DeleteSync removes a synchronization operation from the system. | | RequestRegistryCredentials | RequestRegistryCredentialsRequest | RequestRegistryCredentialsResponse | RequestRegistryCredentials requests registry credentials between two Directory nodes.
This RPC allows a requesting node to authenticate with this node and obtain temporary registry credentials for secure Zot-based synchronization. |