Chromium Code Reviews

Side by Side Diff: tokenserver/api/minter/v1/token_minter.proto

Issue 2413683004: token-server: Delegation config import, validation and evaluation. (Closed)
Patch Set: also check validity_duration Created 4 years, 1 month ago
OLD | NEW
1 // Copyright 2016 The LUCI Authors. All rights reserved. 1 // Copyright 2016 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 syntax = "proto3"; 5 syntax = "proto3";
6 6
7 package tokenserver.minter; 7 package tokenserver.minter;
8 8
9 import "google/protobuf/timestamp.proto"; 9 import "google/protobuf/timestamp.proto";
10 10
(...skipping 190 matching lines...)
201 201
202 202
203 //////////////////////////////////////////////////////////////////////////////// 203 ////////////////////////////////////////////////////////////////////////////////
204 // Delegation Tokens messages 204 // Delegation Tokens messages
205 205
206 206
207 // MintDelegationTokenRequest is passed to MintDelegationToken. 207 // MintDelegationTokenRequest is passed to MintDelegationToken.
208 message MintDelegationTokenRequest { 208 message MintDelegationTokenRequest {
209 // Identity whose authority is delegated. 209 // Identity whose authority is delegated.
210 // 210 //
211 // A string of the form "user:<email>". The token server will check its ACLs 211 // A string of the form "user:<email>" or a special token "REQUESTOR" that
212 // to make sure the caller is authorized to impersonate this identity. 212 // means to delegate caller's own identity. The token server will check its
213 // ACLs to make sure the caller is authorized to impersonate this identity.
213 // 214 //
214 // Required. 215 // Required.
215 string delegated_identity = 1; 216 string delegated_identity = 1;
216 217
217 // How long the token should be considered valid (in seconds). 218 // How long the token should be considered valid (in seconds).
218 // 219 //
219 // Default is 3600 sec. 220 // Default is 3600 sec.
220 int64 validity_duration = 2; 221 int64 validity_duration = 2;
221 222
222 // Who will be able to use the new token. 223 // Who will be able to use the new token.
223 // 224 //
224 // Each item can be an identity string (e.g. "user:<email>"), a "group:<name>" 225 // Each item can be an identity string (e.g. "user:<email>"), a "group:<name>"
225 // string, or special "*" string which means "Any bearer can use the token". 226 // string, special "*" string which means "Any bearer can use the token", or
227 // "REQUESTOR" string which means "Whoever is making this call can use the
228 // token".
226 // 229 //
227 // This is semantically is a set, the order of elements doesn't matter. 230 // This is semantically is a set, the order of elements doesn't matter.
228 // 231 //
229 // Required. 232 // Required.
230 repeated string audience = 3; 233 repeated string audience = 3;
231 234
232 // What services should accept the new token. 235 // What services should accept the new token.
233 // 236 //
234 // List of LUCI services (specified as service identities, e.g. 237 // List of LUCI services (specified as service identities, e.g.
235 // "service:app-id" or as https:// root URLs e.g. "https://<host>") that 238 // "service:app-id" or as https:// root URLs e.g. "https://<host>") that
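Review bot: The `delegated_identity` comment (new lines 211-213) introduces the "REQUESTOR" sentinel but keeps the following sentence as is, so it still reads as if an impersonation ACL check applies to every value. State what the server checks when the caller delegates its own identity, and whether "REQUESTOR" is resolved to the caller's concrete "user:<email>" before it goes into the token. The same applies to "REQUESTOR" in `audience` (new lines 226-228): document whether the minted token carries the resolved identity or the literal string, and what it means when "*" appears in the same list. The patch set is titled "also check validity_duration", yet the field comment (new lines 218-220) still gives only the 3600 sec default; add the accepted range and the behaviour for values outside it. Nit while this block is being touched: "This is semantically is a set" on new line 230 has a doubled "is".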
(...skipping 19 matching lines...)
255 message MintDelegationTokenResponse { 258 message MintDelegationTokenResponse {
256 // The actual base64-encoded signed token. 259 // The actual base64-encoded signed token.
257 string token = 1; 260 string token = 1;
258 261
259 // Same data as in 'token' in deserialized form, just for convenience. 262 // Same data as in 'token' in deserialized form, just for convenience.
260 // 263 //
261 // Mostly for JSON encoding users, since they may not understand proto-encoded 264 // Mostly for JSON encoding users, since they may not understand proto-encoded
262 // tokens. 265 // tokens.
263 messages.Subtoken delegation_subtoken = 2; 266 messages.Subtoken delegation_subtoken = 2;
264 } 267 }