Chromium Code Reviews

Side by Side Diff: tokenserver/api/admin/v1/config.proto

Issue 2785973002: token-server: Add protos for new API for generating service account tokens. (Closed)
Patch Set: fix tests Created 3 years, 8 months ago
OLDNEW
1 // Copyright 2016 The LUCI Authors. All rights reserved. 1 // Copyright 2016 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 syntax = "proto3"; 5 syntax = "proto3";
6 6
7 package tokenserver.admin; 7 package tokenserver.admin;
8 8
9 9
10 // TokenServerConfig is read from tokenserver.cfg in luci-config. 10 // TokenServerConfig is read from tokenserver.cfg in luci-config.
(...skipping 135 matching lines...)
146 // * A service identity string ("service:<id>"). 146 // * A service identity string ("service:<id>").
147 // * A special token "*" that mean "any LUCI service should accept the 147 // * A special token "*" that mean "any LUCI service should accept the
148 // token". 148 // token".
149 repeated string target_service = 6; 149 repeated string target_service = 6;
150 150
151 // Maximum allowed validity duration (sec) of minted delegation tokens. 151 // Maximum allowed validity duration (sec) of minted delegation tokens.
152 // 152 //
153 // Default is 12 hours. 153 // Default is 12 hours.
154 int64 max_validity_duration = 7; 154 int64 max_validity_duration = 7;
155 } 155 }
156
157
158 // ServiceAccountsPermissions is read from service_accounts.cfg in luci-config.
159 message ServiceAccountsPermissions {
160 // Rules specify how MintOAuthTokenViaGrant can be used.
161 //
162 // Rules are evaluated independently. One and only one rule should match the
163 // request to allow the operation. If none rules or more than one rule match,
164 // the request will be denied.
165 //
166 // See ServiceAccountRule comments for more details.
167 repeated ServiceAccountRule rules = 1;
168 }
169
170
171 // ServiceAccountRule describes a single allowed case of using service accounts.
172 //
173 // TODO(vadimsh): Implement.
174 message ServiceAccountRule {
175 // A descriptive name of this rule, for the audit log.
176 string name = 1;
177
178 // Email of developers that added this rule, to know who to contact.
nodir 2017/04/03 22:51:55: s/added/own. "added" can be derived from git log.
Vadim Sh. 2017/07/28 22:44:46 Done.
179 repeated string owner = 2;
180 }
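Review bot: ServiceAccountRule (new lines 174-180) defines only `name` and `owner`, so nothing in the message says what a rule matches, while the ServiceAccountsPermissions comment at lines 162-164 already promises that "One and only one rule should match the request". Until the TODO at line 173 is resolved, the comment should say that the matching fields are still to come; as written, the deny-on-zero-or-multiple-match contract cannot be checked against this schema. Because `name` is what the audit log records, its comment should also state whether names must be unique across rules; otherwise two rules sharing a name are indistinguishable in the log. Minor wording: "If none rules" at line 163 should read "If no rules".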