Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: tokenserver/api/admin/v1/admin.proto

Issue 2413683004: token-server: Delegation config import, validation and evaluation. (Closed)
Patch Set: rebase Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | tokenserver/api/admin/v1/admin.pb.go » ('j') | tokenserver/api/admin/v1/config.proto » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The LUCI Authors. All rights reserved. 1 // Copyright 2016 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 syntax = "proto3"; 5 syntax = "proto3";
6 6
7 package tokenserver.admin; 7 package tokenserver.admin;
8 8
9 import "google/protobuf/empty.proto"; 9 import "google/protobuf/empty.proto";
10 10
11 import "github.com/luci/luci-go/tokenserver/api/machine_token.proto"; 11 import "github.com/luci/luci-go/tokenserver/api/machine_token.proto";
12 12
13 13
14 // Admin service is used by service administrators to manage the server. 14 // Admin service is used by service administrators to manage the server.
15 service Admin { 15 service Admin {
16 // ImportCAConfigs makes the server read CA configs from luci-config. 16 // ImportCAConfigs makes the server read CA configs from luci-config.
17 // 17 //
18 // This reads 'tokenserver.cfg' file.
19 //
18 // Note that regularly configs are read in background each 5 min. 20 // Note that regularly configs are read in background each 5 min.
19 // ImportCAConfigs can be used to force config reread immediately. It will 21 // ImportCAConfigs can be used to force config reread immediately. It will
20 // block until the configs are read. 22 // block until the configs are read.
21 rpc ImportCAConfigs(google.protobuf.Empty) returns (ImportedConfigs); 23 rpc ImportCAConfigs(google.protobuf.Empty) returns (ImportedConfigs);
22 24
25 // ImportDelegationConfigs makes the server read 'delegation.cfg' config.
26 //
27 // Note that regularly configs are read in background each 5 min.
nodir 2016/10/13 22:03:52 remove regularly
28 // ImportDelegationConfigs can be used to force config reread immediately. It
29 // will block until the configs are read.
30 rpc ImportDelegationConfigs(google.protobuf.Empty) returns (ImportedConfigs);
31
23 // InspectMachineToken decodes a machine token and verifies it is valid. 32 // InspectMachineToken decodes a machine token and verifies it is valid.
24 // 33 //
25 // It verifies the token was signed by a private key of the token server and 34 // It verifies the token was signed by a private key of the token server and
26 // checks token's expiration time and revocation status. 35 // checks token's expiration time and revocation status.
27 // 36 //
28 // It tries to give as much information about the token and its status as 37 // It tries to give as much information about the token and its status as
29 // possible (e.g. it checks for revocation status even if token is already 38 // possible (e.g. it checks for revocation status even if token is already
30 // expired). 39 // expired).
31 // 40 //
32 // Administrators can use this call to debug issues with tokens. 41 // Administrators can use this call to debug issues with tokens.
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after
113 // 122 //
114 // Resolved from 'ca_id' field of the token body. 123 // Resolved from 'ca_id' field of the token body.
115 string cert_ca_name = 7; 124 string cert_ca_name = 7;
116 125
117 // The decoded token body (depends on token_type request parameter). Empty if 126 // The decoded token body (depends on token_type request parameter). Empty if
118 // token was malformed and couldn't be deserialized. 127 // token was malformed and couldn't be deserialized.
119 oneof token_type { 128 oneof token_type {
120 tokenserver.MachineTokenBody luci_machine_token = 20; 129 tokenserver.MachineTokenBody luci_machine_token = 20;
121 } 130 }
122 } 131 }
OLDNEW
« no previous file with comments | « no previous file | tokenserver/api/admin/v1/admin.pb.go » ('j') | tokenserver/api/admin/v1/config.proto » ('J')

Powered by Google App Engine
This is Rietveld 408576698