
Side by Side Diff: appengine/config_service/proto/service_config.proto

Issue 1224913002: luci-config: fine-grained acls (Closed) Base URL: git@github.com:luci/luci-py.git@master
Patch Set: fine-grained acls for service configs Created 5 years, 5 months ago
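--- a/appengine/config_service/proto/service_config.proto
+++ b/appengine/config_service/proto/service_config.proto
@@ -1,10 +1,10 @@
 // Copyright 2015 The Swarming Authors. All rights reserved.
 // Use of this source code is governed by the Apache v2.0 license that can be
 // found in the LICENSE file.
 
 // Schemas for config files in services/luci-config config set.
 //
 // In this file, "string pattern" is an exact string (can't have a colon) or a
 // string that starts with "regex:", followed by a regular expression. In case
 // of regex, the pattern must match an entire string, as if it was sorrounded by
 // ^ and $.
@@ -40,25 +40,69 @@
 // Where to import "projects/<id>" config set from.
 optional ConfigSetLocation config_location = 2;
 }
 
 // Schema of projects.cfg file. Represents luci tenants registry.
 message ProjectsCfg {
 // All projects served by this instance of Luci.
 repeated Project projects = 1;
 }
 
+/******************************************************************************/
+/* Services */
+/******************************************************************************/
+
+// Describes one luci service.
+message Service {
+// Globally unique id of the service. Required.
+// Used in "services/<service_id>" config set name.
+optional string id = 1;
+// Email addresses of responsible and point-of-contacts for the service.
+repeated string owners = 2;
+// Where to import "services/<id>" config set from. If config_location.url is
+// relative, it is relative to the current configuration file.
+// If not specified, defaults to "../<id>/".
+optional ConfigSetLocation config_location = 3;
+// An HTTPS endpoint that returns JSON-encoded ServiceDynamicMetadata in body.
+optional string metadata_url = 4;
+// Name of a group defined at auth service that has access to this service's
+// configs. If not specified, only admins and trusted services have access.
+optional string access = 5;
+}
+
+// Machine-generated service metadata, exposed by a service endpoint.
+// Typically implemented by config component, embedded in an app:
+// see appengine/components/components/config/endpoint.py
+//
+// If you add a field here, also add it to ServiceDynamicMetadata in endpoint.py
+message ServiceDynamicMetadata {
+// Format version. Supported versions: 1.0.
+optional string version = 1;
+// What configs this service can validate and how to validate them.
+optional Validator validation = 2;
+}
+
+// Schema of services.cfg
+message ServicesCfg {
+// A list of all luci services. Should be sorted by id.
+repeated Service services = 1;
+}
+
+/******************************************************************************/
+/* Misc */
+/******************************************************************************/
+
+
 // Schema of acl.cfg file.
 message AclCfg {
-// Name of the group that has access to all services/* config sets.
-optional string service_access_group = 1;
 // Name of the group that has access to all projects/* config sets.
+// Only trusted services should be in this group.
 optional string project_access_group = 2;
 }
 
 // Schema for import.cfg. It specified how to import configuration files from
 // external sources.
 message ImportCfg {
 
 message Gitiles {
 // Request timeout in seconds when requesting commit log.
 optional int32 fetch_log_deadline = 1;
@@ -89,42 +133,39 @@
 }
 // List of known schemas. They are available at /schemas/<name> as a short
 // mutable link.
 repeated Schema schemas = 1;
 }
 
 /******************************************************************************/
 /* Validation */
 /******************************************************************************/
 
-// Schema of validation.cfg
-message ValidationCfg {
-// Defines one validation rule. It can match configs in different config-sets
-// and paths.
-message Rule {
-// A string pattern (see above) for config_set.
-optional string config_set = 1;
-// A string pattern (see above) for config file path.
-optional string path = 2;
-// URL of a validation endpoint. The config service will send an HTTP POST
-// request to the endpoint, where body is JSON-encoded
-// ValidationRequestMessage. The endpoint is expected to respond with
-// HTTP status 200 and JSON-encoded ValidationResponseMessage.
-optional string url = 3;
-}
-
-// Defines validation rules for externally-validated configs.
-// All rules that match a config by config_set and path must pass in order
-// for a config to be considered valid.
-repeated Rule rules = 1;
+// Defines a pattern of a config identity. Both config_set and path must
+// match.
+message ConfigPattern {
+// A string pattern for config_set.
+optional string config_set = 1;
+// A string pattern for config file path.
+optional string path = 2;
 }
 
+// Describes what configuration can be validated and how to validate them.
+message Validator {
+// A list of configuration patterns that this validator can validate.
+repeated ConfigPattern patterns = 1;
+// URL of a validation endpoint. The config service will send an HTTP POST
+// request to the endpoint, where body is JSON-encoded
+// ValidationRequestMessage. The endpoint is expected to respond with
+// HTTP status 200 and JSON-encoded ValidationResponseMessage.
+optional string url = 2;
+}
 
 // This message is used only in JSON form. It is sent as request body to an
 // external validation endpoint in order to validate a config.
 message ValidationRequestMessage {
 // Config set of the config file to validate.
 optional string config_set = 1;
 // Path of the config file to validate.
 optional string path = 2;
 // Base64-encoded contents of the file.
 optional string content = 3;
@@ -145,10 +186,10 @@
 message Message {
 // Textual representation of the message.
 optional string text = 1;
 // If an error, a config is considered invalid. Defaults to INFO.
 optional Severity severity = 2;
 }
 // Errors, warnings and other information found during validation.
 // If at least one error is found, the config is considered invalid.
 repeated Message messages = 1;
 }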
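Review bot: The new `Validator` message (new lines 153-161) puts no documented bound on `url` or `patterns`, and it now arrives inside `ServiceDynamicMetadata` fetched from the service-supplied `Service.metadata_url` rather than from the removed `ValidationCfg` rules. As written, a service's metadata could declare patterns matching config sets it has no `access` to, and the config service would then POST those files' contents to whatever `url` it named and honour its verdict; whether the consumer restricts this is not visible on this page. I would state the contract on the field, e.g. `// Must be HTTPS and on the same host as Service.metadata_url.` above `url`, and `// Patterns matching config sets this service cannot read are ignored.` above `patterns` (or whichever scoping rule is intended), then enforce both where the metadata is consumed. It would also help to say on `metadata_url` how a non-HTTPS value or a fetch failure is treated, so the fallback is known to be fail-closed.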
