RubyGems - fila-client - Versions diffs - 0.1.0 → 0.2.0 - Mend

fila-client 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/README.md +77 -1
data/lib/fila/client.rb +82 -55
data/lib/fila/proto/fila/v1/admin_pb.rb +13 -1
data/lib/fila/proto/fila/v1/admin_services_pb.rb +7 -0
data/lib/fila/version.rb +1 -1
data/proto/fila/v1/admin.proto +83 -0
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0a874620e781ea2213b76a152f9297b5e1378963b5a754e3f0275f5b211f9e98
-  data.tar.gz: 58fa181e4c11ab88e3a6f58fe6c98424cc38e5ca2d91e42b9466d65a34f1aee8
+  metadata.gz: 2d12705da00a1094120e5a6c8ecd88b6193b73a88f18d5c6786211bc8458fb96
+  data.tar.gz: 3f1adf19ca765745a2a14bc99bd6e1239dbcc1ef5940f7cb4203c80c3a3cacc9
 SHA512:
-  metadata.gz: 68a26f1a326b5e1fa02753009aa51afb334b96b1b8bb0f6266cd9d6652d2906f3b9f0e87d7c0ea0d267c38af706d79aaee6a67aca9282f6fce1429ac4e532a2b
-  data.tar.gz: 34e4a41170586bba7e483cf119bb6a366f86ccf05a0847baa254ab8f0a69b61658d4a86d0a1f2862b120413db95fa6c6f34814167fc74f3c4514591b44c36f80
+  metadata.gz: 7e6db66c6b4a7dace398aff5659ccfa750e0d51e82ef2b34dff3175bdcd0ebb91768dc87e3515e1caa52c2aa24b6f94e81ac7078ef87886bd0701e0b8944c1d4
+  data.tar.gz: 7524edf3d910461afcf3844bb7ae7d7a780055b9700cecc2dec92ddab84e2aa5349d0b41116359fdc5063f2a23ee729973d14ba227bd62d544f9d2576f0fde24

data/README.md CHANGED Viewed

@@ -44,12 +44,88 @@ end
 client.close
 ```
+### TLS (system trust store)
+```ruby
+require "fila"
+# TLS using the OS system trust store (e.g., server uses a public CA).
+client = Fila::Client.new("localhost:5555", tls: true)
+```
+### TLS (custom CA)
+```ruby
+require "fila"
+# TLS with an explicit CA certificate (e.g., private/self-signed CA).
+client = Fila::Client.new("localhost:5555",
+  ca_cert: File.read("ca.pem")
+)
+```
+### mTLS (mutual TLS)
+```ruby
+require "fila"
+# Mutual TLS with system trust store.
+client = Fila::Client.new("localhost:5555",
+  tls: true,
+  client_cert: File.read("client.pem"),
+  client_key: File.read("client-key.pem")
+)
+# Mutual TLS with explicit CA certificate.
+client = Fila::Client.new("localhost:5555",
+  ca_cert: File.read("ca.pem"),
+  client_cert: File.read("client.pem"),
+  client_key: File.read("client-key.pem")
+)
+```
+### API Key Authentication
+```ruby
+require "fila"
+# API key sent as Bearer token on every request.
+client = Fila::Client.new("localhost:5555",
+  api_key: "fila_your_api_key_here"
+)
+```
+### mTLS + API Key
+```ruby
+require "fila"
+# Full security: mTLS transport + API key authentication.
+client = Fila::Client.new("localhost:5555",
+  ca_cert: File.read("ca.pem"),
+  client_cert: File.read("client.pem"),
+  client_key: File.read("client-key.pem"),
+  api_key: "fila_your_api_key_here"
+)
+```
 ## API
-### `Fila::Client.new(addr)`
+### `Fila::Client.new(addr, tls: false, ca_cert: nil, client_cert: nil, client_key: nil, api_key: nil)`
 Connect to a Fila broker at the given address (e.g., `"localhost:5555"`).
+| Parameter | Type | Description |
+|---|---|---|
+| `addr` | `String` | Broker address in `"host:port"` format |
+| `tls:` | `Boolean` | Enable TLS using the OS system trust store (default: `false`) |
+| `ca_cert:` | `String` or `nil` | PEM-encoded CA certificate for TLS (implies `tls: true`) |
+| `client_cert:` | `String` or `nil` | PEM-encoded client certificate for mTLS |
+| `client_key:` | `String` or `nil` | PEM-encoded client private key for mTLS |
+| `api_key:` | `String` or `nil` | API key for Bearer token authentication |
+When no TLS/auth options are provided, the client connects over plaintext (backward compatible). When `tls: true` is set without `ca_cert:`, the OS system trust store is used for server certificate verification.
 ### `client.enqueue(queue:, headers:, payload:)`
 Enqueue a message. Returns the broker-assigned message ID (UUIDv7).

data/lib/fila/client.rb CHANGED Viewed

@@ -14,43 +14,37 @@ module Fila
   #
   # Wraps the hot-path gRPC operations: enqueue, consume, ack, nack.
   #
-  # @example
+  # @example Plain-text (no auth)
   #   client = Fila::Client.new("localhost:5555")
-  #   msg_id = client.enqueue(queue: "my-queue", headers: { "tenant" => "acme" }, payload: "hello")
-  #   client.consume(queue: "my-queue") do |msg|
-  #     client.ack(queue: "my-queue", msg_id: msg.id)
-  #     break
-  #   end
-  #   client.close
+  #
+  # @example TLS with system trust store
+  #   client = Fila::Client.new("localhost:5555", tls: true)
+  #
+  # @example TLS with custom CA
+  #   client = Fila::Client.new("localhost:5555", ca_cert: File.read("ca.pem"))
+  #
+  # @example mTLS + API key
+  #   client = Fila::Client.new("localhost:5555",
+  #     ca_cert: File.read("ca.pem"),
+  #     client_cert: File.read("client.pem"),
+  #     client_key: File.read("client-key.pem"),
+  #     api_key: "fila_abc123")
   class Client
-    # Connect to a Fila broker at the given address.
-    #
-    # @param addr [String] broker address in "host:port" format (e.g., "localhost:5555")
-    def initialize(addr)
-      @stub = ::Fila::V1::FilaService::Stub.new(addr, :this_channel_is_insecure)
+    def initialize(addr, tls: false, ca_cert: nil, client_cert: nil, client_key: nil, api_key: nil)
+      @api_key = api_key
+      @credentials = build_credentials(tls: tls, ca_cert: ca_cert, client_cert: client_cert, client_key: client_key)
+      @stub = ::Fila::V1::FilaService::Stub.new(addr, @credentials)
     end
-    # Close the underlying gRPC channel.
-    def close
-      # grpc-ruby doesn't expose a direct channel close on stubs;
-      # the channel is garbage-collected. This is a no-op for API symmetry.
-    end
+    def close; end
-    # Enqueue a message to the specified queue.
-    #
-    # @param queue [String] target queue name
-    # @param headers [Hash<String, String>, nil] optional message headers
-    # @param payload [String] message payload bytes
-    # @return [String] broker-assigned message ID (UUIDv7)
-    # @raise [QueueNotFoundError] if the queue does not exist
-    # @raise [RPCError] for unexpected gRPC failures
     def enqueue(queue:, payload:, headers: nil)
       req = ::Fila::V1::EnqueueRequest.new(
         queue: queue,
         headers: headers || {},
         payload: payload
       )
-      resp = @stub.enqueue(req)
+      resp = @stub.enqueue(req, metadata: call_metadata)
       resp.message_id
     rescue GRPC::NotFound => e
       raise QueueNotFoundError, "enqueue: #{e.details}"
@@ -58,36 +52,12 @@ module Fila
       raise RPCError.new(e.code, e.details)
     end
-    # Open a streaming consumer on the specified queue.
-    #
-    # Yields messages as they become available. Nil message frames (keepalive
-    # signals) are skipped automatically. Nacked messages are redelivered on
-    # the same stream.
-    #
-    # If no block is given, returns an Enumerator.
-    #
-    # @param queue [String] queue to consume from
-    # @yield [ConsumeMessage] each message received from the broker
-    # @return [Enumerator<ConsumeMessage>] if no block given
-    # @raise [QueueNotFoundError] if the queue does not exist
-    # @raise [RPCError] for unexpected gRPC failures
+    # Open a streaming consumer. Yields messages as they arrive.
+    # Returns an Enumerator if no block given.
     def consume(queue:, &block)
       return enum_for(:consume, queue: queue) unless block
-      req = ::Fila::V1::ConsumeRequest.new(queue: queue)
-      stream = @stub.consume(req)
-      stream.each do |resp|
-        msg = resp.message
-        next if msg.nil? || msg.id.empty?
-        block.call(build_consume_message(msg))
-      end
-    rescue GRPC::Cancelled
-      # Stream cancelled — normal when consumer breaks out of the loop.
-    rescue GRPC::NotFound => e
-      raise QueueNotFoundError, "consume: #{e.details}"
-    rescue GRPC::BadStatus => e
-      raise RPCError.new(e.code, e.details)
+      consume_with_redirect(queue: queue, redirected: false, &block)
     end
     # Acknowledge a successfully processed message.
@@ -98,7 +68,7 @@ module Fila
     # @raise [RPCError] for unexpected gRPC failures
     def ack(queue:, msg_id:)
       req = ::Fila::V1::AckRequest.new(queue: queue, message_id: msg_id)
-      @stub.ack(req)
+      @stub.ack(req, metadata: call_metadata)
       nil
     rescue GRPC::NotFound => e
       raise MessageNotFoundError, "ack: #{e.details}"
@@ -115,7 +85,7 @@ module Fila
     # @raise [RPCError] for unexpected gRPC failures
     def nack(queue:, msg_id:, error:)
       req = ::Fila::V1::NackRequest.new(queue: queue, message_id: msg_id, error: error)
-      @stub.nack(req)
+      @stub.nack(req, metadata: call_metadata)
       nil
     rescue GRPC::NotFound => e
       raise MessageNotFoundError, "nack: #{e.details}"
@@ -123,8 +93,65 @@ module Fila
       raise RPCError.new(e.code, e.details)
     end
+    LEADER_ADDR_KEY = 'x-fila-leader-addr'
+    private_constant :LEADER_ADDR_KEY
     private
+    def consume_with_redirect(queue:, redirected:, &block) # rubocop:disable Metrics/AbcSize
+      stream = @stub.consume(::Fila::V1::ConsumeRequest.new(queue: queue), metadata: call_metadata)
+      stream.each do |resp|
+        msg = resp.message
+        next if msg.nil? || msg.id.empty?
+        block.call(build_consume_message(msg))
+      end
+    rescue GRPC::Cancelled then nil
+    rescue GRPC::NotFound => e
+      raise QueueNotFoundError, "consume: #{e.details}"
+    rescue GRPC::Unavailable => e
+      raise RPCError.new(e.code, e.details) if (leader_addr = extract_leader_addr(e)).nil? || redirected
+      @stub = ::Fila::V1::FilaService::Stub.new(leader_addr, @credentials)
+      consume_with_redirect(queue: queue, redirected: true, &block)
+    rescue GRPC::BadStatus => e
+      raise RPCError.new(e.code, e.details)
+    end
+    def extract_leader_addr(err)
+      err.metadata[LEADER_ADDR_KEY]
+    rescue StandardError
+      nil
+    end
+    def build_credentials(tls:, ca_cert:, client_cert:, client_key:)
+      tls_enabled = tls || ca_cert
+      validate_tls_options(tls_enabled, client_cert, client_key)
+      return :this_channel_is_insecure unless tls_enabled
+      build_channel_credentials(ca_cert, client_cert, client_key)
+    end
+    def validate_tls_options(tls_enabled, client_cert, client_key)
+      return if tls_enabled || (!client_cert && !client_key)
+      raise ArgumentError, 'tls: true or ca_cert is required when client_cert or client_key is provided'
+    end
+    def build_channel_credentials(ca_cert, client_cert, client_key)
+      if ca_cert then GRPC::Core::ChannelCredentials.new(ca_cert, client_key, client_cert)
+      elsif client_cert && client_key then GRPC::Core::ChannelCredentials.new(nil, client_key, client_cert)
+      else GRPC::Core::ChannelCredentials.new
+      end
+    end
+    def call_metadata
+      return {} unless @api_key
+      { 'authorization' => "Bearer #{@api_key}" }
+    end
     def build_consume_message(msg)
       metadata = msg.metadata
       ConsumeMessage.new(

data/lib/fila/proto/fila/v1/admin_pb.rb CHANGED Viewed

@@ -5,7 +5,7 @@
 require 'google/protobuf'
-descriptor_data = "\n\x13\x66ila/v1/admin.proto\x12\x07\x66ila.v1\"H\n\x12\x43reateQueueRequest\x12\x0c\n\x04name\x18\x01 \x01(\t\x12$\n\x06\x63onfig\x18\x02 \x01(\x0b\x32\x14.fila.v1.QueueConfig\"b\n\x0bQueueConfig\x12\x19\n\x11on_enqueue_script\x18\x01 \x01(\t\x12\x19\n\x11on_failure_script\x18\x02 \x01(\t\x12\x1d\n\x15visibility_timeout_ms\x18\x03 \x01(\x04\"\'\n\x13\x43reateQueueResponse\x12\x10\n\x08queue_id\x18\x01 \x01(\t\"#\n\x12\x44\x65leteQueueRequest\x12\r\n\x05queue\x18\x01 \x01(\t\"\x15\n\x13\x44\x65leteQueueResponse\".\n\x10SetConfigRequest\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t\"\x13\n\x11SetConfigResponse\"\x1f\n\x10GetConfigRequest\x12\x0b\n\x03key\x18\x01 \x01(\t\"\"\n\x11GetConfigResponse\x12\r\n\x05value\x18\x01 \x01(\t\")\n\x0b\x43onfigEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t\"#\n\x11ListConfigRequest\x12\x0e\n\x06prefix\x18\x01 \x01(\t\"P\n\x12ListConfigResponse\x12%\n\x07\x65ntries\x18\x01 \x03(\x0b\x32\x14.fila.v1.ConfigEntry\x12\x13\n\x0btotal_count\x18\x02 \x01(\r\" \n\x0fGetStatsRequest\x12\r\n\x05queue\x18\x01 \x01(\t\"b\n\x13PerFairnessKeyStats\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x15\n\rpending_count\x18\x02 \x01(\x04\x12\x17\n\x0f\x63urrent_deficit\x18\x03 \x01(\x03\x12\x0e\n\x06weight\x18\x04 \x01(\r\"Z\n\x13PerThrottleKeyStats\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x0e\n\x06tokens\x18\x02 \x01(\x01\x12\x17\n\x0frate_per_second\x18\x03 \x01(\x01\x12\r\n\x05\x62urst\x18\x04 \x01(\x01\"\xec\x01\n\x10GetStatsResponse\x12\r\n\x05\x64\x65pth\x18\x01 \x01(\x04\x12\x11\n\tin_flight\x18\x02 \x01(\x04\x12\x1c\n\x14\x61\x63tive_fairness_keys\x18\x03 \x01(\x04\x12\x18\n\x10\x61\x63tive_consumers\x18\x04 \x01(\r\x12\x0f\n\x07quantum\x18\x05 \x01(\r\x12\x33\n\rper_key_stats\x18\x06 \x03(\x0b\x32\x1c.fila.v1.PerFairnessKeyStats\x12\x38\n\x12per_throttle_stats\x18\x07 \x03(\x0b\x32\x1c.fila.v1.PerThrottleKeyStats\"2\n\x0eRedriveRequest\x12\x11\n\tdlq_queue\x18\x01 \x01(\t\x12\r\n\x05\x63ount\x18\x02 \x01(\x04\"#\n\x0fRedriveResponse\x12\x10\n\x08redriven\x18\x01 \x01(\x04\"\x13\n\x11ListQueuesRequest\"U\n\tQueueInfo\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\r\n\x05\x64\x65pth\x18\x02 \x01(\x04\x12\x11\n\tin_flight\x18\x03 \x01(\x04\x12\x18\n\x10\x61\x63tive_consumers\x18\x04 \x01(\r\"8\n\x12ListQueuesResponse\x12\"\n\x06queues\x18\x01 \x03(\x0b\x32\x12.fila.v1.QueueInfo2\xb4\x04\n\tFilaAdmin\x12H\n\x0b\x43reateQueue\x12\x1b.fila.v1.CreateQueueRequest\x1a\x1c.fila.v1.CreateQueueResponse\x12H\n\x0b\x44\x65leteQueue\x12\x1b.fila.v1.DeleteQueueRequest\x1a\x1c.fila.v1.DeleteQueueResponse\x12\x42\n\tSetConfig\x12\x19.fila.v1.SetConfigRequest\x1a\x1a.fila.v1.SetConfigResponse\x12\x42\n\tGetConfig\x12\x19.fila.v1.GetConfigRequest\x1a\x1a.fila.v1.GetConfigResponse\x12\x45\n\nListConfig\x12\x1a.fila.v1.ListConfigRequest\x1a\x1b.fila.v1.ListConfigResponse\x12?\n\x08GetStats\x12\x18.fila.v1.GetStatsRequest\x1a\x19.fila.v1.GetStatsResponse\x12<\n\x07Redrive\x12\x17.fila.v1.RedriveRequest\x1a\x18.fila.v1.RedriveResponse\x12\x45\n\nListQueues\x12\x1a.fila.v1.ListQueuesRequest\x1a\x1b.fila.v1.ListQueuesResponseb\x06proto3"
+descriptor_data = "\n\x13\x66ila/v1/admin.proto\x12\x07\x66ila.v1\"H\n\x12\x43reateQueueRequest\x12\x0c\n\x04name\x18\x01 \x01(\t\x12$\n\x06\x63onfig\x18\x02 \x01(\x0b\x32\x14.fila.v1.QueueConfig\"b\n\x0bQueueConfig\x12\x19\n\x11on_enqueue_script\x18\x01 \x01(\t\x12\x19\n\x11on_failure_script\x18\x02 \x01(\t\x12\x1d\n\x15visibility_timeout_ms\x18\x03 \x01(\x04\"\'\n\x13\x43reateQueueResponse\x12\x10\n\x08queue_id\x18\x01 \x01(\t\"#\n\x12\x44\x65leteQueueRequest\x12\r\n\x05queue\x18\x01 \x01(\t\"\x15\n\x13\x44\x65leteQueueResponse\".\n\x10SetConfigRequest\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t\"\x13\n\x11SetConfigResponse\"\x1f\n\x10GetConfigRequest\x12\x0b\n\x03key\x18\x01 \x01(\t\"\"\n\x11GetConfigResponse\x12\r\n\x05value\x18\x01 \x01(\t\")\n\x0b\x43onfigEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t\"#\n\x11ListConfigRequest\x12\x0e\n\x06prefix\x18\x01 \x01(\t\"P\n\x12ListConfigResponse\x12%\n\x07\x65ntries\x18\x01 \x03(\x0b\x32\x14.fila.v1.ConfigEntry\x12\x13\n\x0btotal_count\x18\x02 \x01(\r\" \n\x0fGetStatsRequest\x12\r\n\x05queue\x18\x01 \x01(\t\"b\n\x13PerFairnessKeyStats\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x15\n\rpending_count\x18\x02 \x01(\x04\x12\x17\n\x0f\x63urrent_deficit\x18\x03 \x01(\x03\x12\x0e\n\x06weight\x18\x04 \x01(\r\"Z\n\x13PerThrottleKeyStats\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x0e\n\x06tokens\x18\x02 \x01(\x01\x12\x17\n\x0frate_per_second\x18\x03 \x01(\x01\x12\r\n\x05\x62urst\x18\x04 \x01(\x01\"\x9f\x02\n\x10GetStatsResponse\x12\r\n\x05\x64\x65pth\x18\x01 \x01(\x04\x12\x11\n\tin_flight\x18\x02 \x01(\x04\x12\x1c\n\x14\x61\x63tive_fairness_keys\x18\x03 \x01(\x04\x12\x18\n\x10\x61\x63tive_consumers\x18\x04 \x01(\r\x12\x0f\n\x07quantum\x18\x05 \x01(\r\x12\x33\n\rper_key_stats\x18\x06 \x03(\x0b\x32\x1c.fila.v1.PerFairnessKeyStats\x12\x38\n\x12per_throttle_stats\x18\x07 \x03(\x0b\x32\x1c.fila.v1.PerThrottleKeyStats\x12\x16\n\x0eleader_node_id\x18\x08 \x01(\x04\x12\x19\n\x11replication_count\x18\t \x01(\r\"2\n\x0eRedriveRequest\x12\x11\n\tdlq_queue\x18\x01 \x01(\t\x12\r\n\x05\x63ount\x18\x02 \x01(\x04\"#\n\x0fRedriveResponse\x12\x10\n\x08redriven\x18\x01 \x01(\x04\"\x13\n\x11ListQueuesRequest\"m\n\tQueueInfo\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\r\n\x05\x64\x65pth\x18\x02 \x01(\x04\x12\x11\n\tin_flight\x18\x03 \x01(\x04\x12\x18\n\x10\x61\x63tive_consumers\x18\x04 \x01(\r\x12\x16\n\x0eleader_node_id\x18\x05 \x01(\x04\"T\n\x12ListQueuesResponse\x12\"\n\x06queues\x18\x01 \x03(\x0b\x32\x12.fila.v1.QueueInfo\x12\x1a\n\x12\x63luster_node_count\x18\x02 \x01(\r\"Q\n\x13\x43reateApiKeyRequest\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x15\n\rexpires_at_ms\x18\x02 \x01(\x04\x12\x15\n\ris_superadmin\x18\x03 \x01(\x08\"J\n\x14\x43reateApiKeyResponse\x12\x0e\n\x06key_id\x18\x01 \x01(\t\x12\x0b\n\x03key\x18\x02 \x01(\t\x12\x15\n\ris_superadmin\x18\x03 \x01(\x08\"%\n\x13RevokeApiKeyRequest\x12\x0e\n\x06key_id\x18\x01 \x01(\t\"\x16\n\x14RevokeApiKeyResponse\"\x14\n\x12ListApiKeysRequest\"o\n\nApiKeyInfo\x12\x0e\n\x06key_id\x18\x01 \x01(\t\x12\x0c\n\x04name\x18\x02 \x01(\t\x12\x15\n\rcreated_at_ms\x18\x03 \x01(\x04\x12\x15\n\rexpires_at_ms\x18\x04 \x01(\x04\x12\x15\n\ris_superadmin\x18\x05 \x01(\x08\"8\n\x13ListApiKeysResponse\x12!\n\x04keys\x18\x01 \x03(\x0b\x32\x13.fila.v1.ApiKeyInfo\".\n\rAclPermission\x12\x0c\n\x04kind\x18\x01 \x01(\t\x12\x0f\n\x07pattern\x18\x02 \x01(\t\"L\n\rSetAclRequest\x12\x0e\n\x06key_id\x18\x01 \x01(\t\x12+\n\x0bpermissions\x18\x02 \x03(\x0b\x32\x16.fila.v1.AclPermission\"\x10\n\x0eSetAclResponse\"\x1f\n\rGetAclRequest\x12\x0e\n\x06key_id\x18\x01 \x01(\t\"d\n\x0eGetAclResponse\x12\x0e\n\x06key_id\x18\x01 \x01(\t\x12+\n\x0bpermissions\x18\x02 \x03(\x0b\x32\x16.fila.v1.AclPermission\x12\x15\n\ris_superadmin\x18\x03 \x01(\x08\x32\x8e\x07\n\tFilaAdmin\x12H\n\x0b\x43reateQueue\x12\x1b.fila.v1.CreateQueueRequest\x1a\x1c.fila.v1.CreateQueueResponse\x12H\n\x0b\x44\x65leteQueue\x12\x1b.fila.v1.DeleteQueueRequest\x1a\x1c.fila.v1.DeleteQueueResponse\x12\x42\n\tSetConfig\x12\x19.fila.v1.SetConfigRequest\x1a\x1a.fila.v1.SetConfigResponse\x12\x42\n\tGetConfig\x12\x19.fila.v1.GetConfigRequest\x1a\x1a.fila.v1.GetConfigResponse\x12\x45\n\nListConfig\x12\x1a.fila.v1.ListConfigRequest\x1a\x1b.fila.v1.ListConfigResponse\x12?\n\x08GetStats\x12\x18.fila.v1.GetStatsRequest\x1a\x19.fila.v1.GetStatsResponse\x12<\n\x07Redrive\x12\x17.fila.v1.RedriveRequest\x1a\x18.fila.v1.RedriveResponse\x12\x45\n\nListQueues\x12\x1a.fila.v1.ListQueuesRequest\x1a\x1b.fila.v1.ListQueuesResponse\x12K\n\x0c\x43reateApiKey\x12\x1c.fila.v1.CreateApiKeyRequest\x1a\x1d.fila.v1.CreateApiKeyResponse\x12K\n\x0cRevokeApiKey\x12\x1c.fila.v1.RevokeApiKeyRequest\x1a\x1d.fila.v1.RevokeApiKeyResponse\x12H\n\x0bListApiKeys\x12\x1b.fila.v1.ListApiKeysRequest\x1a\x1c.fila.v1.ListApiKeysResponse\x12\x39\n\x06SetAcl\x12\x16.fila.v1.SetAclRequest\x1a\x17.fila.v1.SetAclResponse\x12\x39\n\x06GetAcl\x12\x16.fila.v1.GetAclRequest\x1a\x17.fila.v1.GetAclResponseb\x06proto3"
 pool = ::Google::Protobuf::DescriptorPool.generated_pool
 pool.add_serialized_file(descriptor_data)
@@ -33,5 +33,17 @@ module Fila
     ListQueuesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("fila.v1.ListQueuesRequest").msgclass
     QueueInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("fila.v1.QueueInfo").msgclass
     ListQueuesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("fila.v1.ListQueuesResponse").msgclass
+    CreateApiKeyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("fila.v1.CreateApiKeyRequest").msgclass
+    CreateApiKeyResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("fila.v1.CreateApiKeyResponse").msgclass
+    RevokeApiKeyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("fila.v1.RevokeApiKeyRequest").msgclass
+    RevokeApiKeyResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("fila.v1.RevokeApiKeyResponse").msgclass
+    ListApiKeysRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("fila.v1.ListApiKeysRequest").msgclass
+    ApiKeyInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("fila.v1.ApiKeyInfo").msgclass
+    ListApiKeysResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("fila.v1.ListApiKeysResponse").msgclass
+    AclPermission = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("fila.v1.AclPermission").msgclass
+    SetAclRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("fila.v1.SetAclRequest").msgclass
+    SetAclResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("fila.v1.SetAclResponse").msgclass
+    GetAclRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("fila.v1.GetAclRequest").msgclass
+    GetAclResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("fila.v1.GetAclResponse").msgclass
   end
 end

data/lib/fila/proto/fila/v1/admin_services_pb.rb CHANGED Viewed

@@ -24,6 +24,13 @@ module Fila
         rpc :GetStats, ::Fila::V1::GetStatsRequest, ::Fila::V1::GetStatsResponse
         rpc :Redrive, ::Fila::V1::RedriveRequest, ::Fila::V1::RedriveResponse
         rpc :ListQueues, ::Fila::V1::ListQueuesRequest, ::Fila::V1::ListQueuesResponse
+        # API key management. CreateApiKey bypasses auth (bootstrap); others require a valid key.
+        rpc :CreateApiKey, ::Fila::V1::CreateApiKeyRequest, ::Fila::V1::CreateApiKeyResponse
+        rpc :RevokeApiKey, ::Fila::V1::RevokeApiKeyRequest, ::Fila::V1::RevokeApiKeyResponse
+        rpc :ListApiKeys, ::Fila::V1::ListApiKeysRequest, ::Fila::V1::ListApiKeysResponse
+        # Per-key ACL management.
+        rpc :SetAcl, ::Fila::V1::SetAclRequest, ::Fila::V1::SetAclResponse
+        rpc :GetAcl, ::Fila::V1::GetAclRequest, ::Fila::V1::GetAclResponse
       end
       Stub = Service.rpc_stub_class

data/lib/fila/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Fila
-  VERSION = '0.1.0'
+  VERSION = '0.2.0'
 end

data/proto/fila/v1/admin.proto CHANGED Viewed

@@ -11,6 +11,15 @@ service FilaAdmin {
   rpc GetStats(GetStatsRequest) returns (GetStatsResponse);
   rpc Redrive(RedriveRequest) returns (RedriveResponse);
   rpc ListQueues(ListQueuesRequest) returns (ListQueuesResponse);
+  // API key management. CreateApiKey bypasses auth (bootstrap); others require a valid key.
+  rpc CreateApiKey(CreateApiKeyRequest) returns (CreateApiKeyResponse);
+  rpc RevokeApiKey(RevokeApiKeyRequest) returns (RevokeApiKeyResponse);
+  rpc ListApiKeys(ListApiKeysRequest) returns (ListApiKeysResponse);
+  // Per-key ACL management.
+  rpc SetAcl(SetAclRequest) returns (SetAclResponse);
+  rpc GetAcl(GetAclRequest) returns (GetAclResponse);
 }
 message CreateQueueRequest {
@@ -89,6 +98,9 @@ message GetStatsResponse {
   uint32 quantum = 5;
   repeated PerFairnessKeyStats per_key_stats = 6;
   repeated PerThrottleKeyStats per_throttle_stats = 7;
+  // Cluster fields (0 when not in cluster mode).
+  uint64 leader_node_id = 8;
+  uint32 replication_count = 9;
 }
 message RedriveRequest {
@@ -107,8 +119,79 @@ message QueueInfo {
   uint64 depth = 2;
   uint64 in_flight = 3;
   uint32 active_consumers = 4;
+  uint64 leader_node_id = 5;
 }
 message ListQueuesResponse {
   repeated QueueInfo queues = 1;
+  uint32 cluster_node_count = 2;
+}
+// --- API Key Management ---
+message CreateApiKeyRequest {
+  /// Human-readable label for the key.
+  string name = 1;
+  /// Optional Unix timestamp (milliseconds) after which the key expires.
+  /// 0 means no expiration.
+  uint64 expires_at_ms = 2;
+  /// When true, the key bypasses all ACL checks (superadmin).
+  bool is_superadmin = 3;
+}
+message CreateApiKeyResponse {
+  /// Opaque key ID for management operations (revoke, list, set-acl).
+  string key_id = 1;
+  /// Plaintext API key. Returned once — store it securely.
+  string key = 2;
+  /// Whether this key has superadmin privileges.
+  bool is_superadmin = 3;
+}
+message RevokeApiKeyRequest {
+  string key_id = 1;
+}
+message RevokeApiKeyResponse {}
+message ListApiKeysRequest {}
+message ApiKeyInfo {
+  string key_id = 1;
+  string name = 2;
+  uint64 created_at_ms = 3;
+  /// 0 means no expiration.
+  uint64 expires_at_ms = 4;
+  bool is_superadmin = 5;
+}
+message ListApiKeysResponse {
+  repeated ApiKeyInfo keys = 1;
+}
+// --- ACL Management ---
+/// A single permission grant: kind (produce/consume/admin) + queue pattern.
+message AclPermission {
+  /// One of: "produce", "consume", "admin".
+  string kind = 1;
+  /// Queue name or wildcard ("*" or "orders.*").
+  string pattern = 2;
+}
+message SetAclRequest {
+  string key_id = 1;
+  repeated AclPermission permissions = 2;
+}
+message SetAclResponse {}
+message GetAclRequest {
+  string key_id = 1;
+}
+message GetAclResponse {
+  string key_id = 1;
+  repeated AclPermission permissions = 2;
+  bool is_superadmin = 3;
 }

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fila-client
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Faisca
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-03-02 00:00:00.000000000 Z
+date: 2026-03-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-protobuf