Chromium Code Reviews

Side by Side Diff: tokenserver/api/admin/v1/config.proto

Issue 2785973002: token-server: Add protos for new API for generating service account tokens. (Closed)
Patch Set: more nits Created 3 years, 4 months ago
OLD NEW
1 // Copyright 2016 The LUCI Authors. All rights reserved. 1 // Copyright 2016 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 syntax = "proto3"; 5 syntax = "proto3";
6 6
7 package tokenserver.admin; 7 package tokenserver.admin;
8 8
9 9
10 // TokenServerConfig is read from tokenserver.cfg in luci-config. 10 // TokenServerConfig is read from tokenserver.cfg in luci-config.
(...skipping 140 matching lines...)
151 // * A service identity string ("service:<id>"). 151 // * A service identity string ("service:<id>").
152 // * A special token "*" that mean "any LUCI service should accept the 152 // * A special token "*" that mean "any LUCI service should accept the
153 // token". 153 // token".
154 repeated string target_service = 6; 154 repeated string target_service = 6;
155 155
156 // Maximum allowed validity duration (sec) of minted delegation tokens. 156 // Maximum allowed validity duration (sec) of minted delegation tokens.
157 // 157 //
158 // Default is 12 hours. 158 // Default is 12 hours.
159 int64 max_validity_duration = 7; 159 int64 max_validity_duration = 7;
160 } 160 }
161
162
163 // ServiceAccountsPermissions is read from service_accounts.cfg in luci-config.
164 message ServiceAccountsPermissions {
165 // Rules specify how MintOAuthTokenViaGrant can be used.
166 //
167 // Rules are evaluated independently. One and only one rule should match the
168 // request to allow the operation. If none rules or more than one rule match,
169 // the request will be denied.
170 //
171 // See ServiceAccountRule comments for more details.
172 repeated ServiceAccountRule rules = 1;
173 }
174
175
176 // ServiceAccountRule describes a single allowed case of using service accounts.
177 //
178 // TODO(vadimsh): Implement.
179 message ServiceAccountRule {
180 // A descriptive name of this rule, for the audit log.
181 string name = 1;
182
183 // Email of developers that owns this rule, to know who to contact.
184 repeated string owner = 2;
185 }
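Review bot: ServiceAccountRule (new lines 179-185) carries only `name` and `owner`, yet the ServiceAccountsPermissions comment (new lines 167-169) requires that exactly one rule match the request; with no fields describing what a rule matches, "match" is undefined for anyone reading this proto. Until the TODO is resolved, say in the ServiceAccountRule comment that the matching fields are not defined yet, or list which request properties they will cover. Because `name` is what ends up in the audit log, the comment should also state whether names must be unique across `rules`, otherwise two rules with the same name cannot be told apart in the log. Wording nits: "If none rules" should read "If no rules", and "Email of developers that owns" should read "Emails of developers that own".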