LogDog: Add project namespace to Butler/Collector.

common/proto/logdog/logpb/butler.proto

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 syntax = "proto3";
 
 package logpb;
 
 import "log.proto";
 import "google/protobuf/timestamp.proto";
@@ skipping 59 matching lines @@
    * same log stream.
    */
   message Entry {
     /*
      * The descriptor for this entry's log stream.
      *
      * Each LogEntry in the "logs" field is shares this common descriptor.
      */
     logpb.LogStreamDescriptor desc = 1;
 
-    /*
-     * The log prefix's secret value (required).
-     *
-     * The secret is generated by the Butler and unique to this specific log
-     * stream. The Coordinator will record the secret associated with a given
-     * log Prefix/Stream, but will not share the secret with a client.
-     *
-     * The Collector will check the secret prior to ingesting logs. If the
-     * secret doesn't match the value recorded by the Coordinator, the log
-     * will be discarded.
-     *
-     * This ensures that only the Butler instance that generated the log stream
-     * can emit log data for that stream.
-     */
-    bytes secret = 2;
+    /* (DEPRECATED) Per-entry secret replaced with Butler-wide secret. */
+    bytes deprecated_entry_secret = 2;
 
     /*
      * Whether this log entry terminates its stream.
      *
      * If present and "true", this field declares that this Entry is the last
      * such entry in the stream. This fact is recorded by the Collector and
      * registered with the Coordinator. The largest stream prefix in this Entry
      * will be bound the stream's LogEntry records to [0:largest_prefix]. Once
      * all messages in that range have been received, the log may be archived.
      *
@@ skipping 13 matching lines @@
      *
      * This is the main log entry content.
      */
     repeated logpb.LogEntry logs = 5;
   }
 
   /**
    * Each Entry is an individual set of log records for a given log stream.
    */
   repeated Entry entries = 3;
+
+  /** Project specifies which luci-config project this stream belongs to. */
+  string project = 4;
+
+  /**
+   * The log stream prefix that is shared by all bundled streams.
+   *
+   * This prefix is valid within the supplied project scope.
+   */
+  string prefix = 5;
+
+  /*
+   * The log prefix's secret value (required).
+   *
+   * The secret is bound to all log streams that share the supplied Prefix, and
+   * The Coordinator will record the secret associated with a given log Prefix,
+   but will not share the secret with a client.

[Vadim Sh., 2016/04/25 18:51:52]

also, who exactly is meant by "a client" here? Log consumers?

[Vadim Sh., 2016/04/25 18:51:52]

nit: add "* " :)

+   *
+   * The Collector will check the secret prior to ingesting logs. If the
+   * secret doesn't match the value recorded by the Coordinator, the log
+   * will be discarded.
+   *
+   * This ensures that only the Butler instance that generated the log stream

[Vadim Sh., 2016/04/25 18:51:52]

Is knowing secret alone sufficient to push messages to the stream?

Does it have an expiration time? Any bearer tokens should have short lifetime.

[dnj, 2016/04/25 19:30:26]

The secret is:
- At the moment, generated by this Butler instance and used when registering
streams. The Coordinator will accept the secret of the first stream for a given
name and enforce that all messages associated with that stream match the secret.
- In the future, be generated by the Coordinator after a negotiation with the
Butler, and be valid until the stream prefix is closed, which will happen after
a fixed amount of time since its creation.

This is less a token and more a stream property. If you know the stream secret,
you are either a privileged internal service or the Butler instance that owns
the stream.

+   * can emit log data for that stream. It also ensures that only authenticated
+   * users can write to a Prefix.
+   */
+  bytes secret = 6;
 }