token-server: Add protos for new API for generating service account tokens.

tokenserver/api/oauth_token_grant.pb.go

Index: tokenserver/api/oauth_token_grant.pb.go
diff --git a/tokenserver/api/oauth_token_grant.pb.go b/tokenserver/api/oauth_token_grant.pb.go
new file mode 100644
index 0000000000000000000000000000000000000000..1471d627dc53ad23f38c5e30020e23fd5e7f2127
--- /dev/null
+++ b/tokenserver/api/oauth_token_grant.pb.go
@@ -0,0 +1,168 @@
+// Code generated by protoc-gen-go.
+// source: github.com/luci/luci-go/tokenserver/api/oauth_token_grant.proto
+// DO NOT EDIT!
+
+package tokenserver
+
+import proto "github.com/golang/protobuf/proto"
+import fmt "fmt"
+import math "math"
+import google_protobuf "github.com/golang/protobuf/ptypes/timestamp"
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// OAuthTokenGrantBody contains the internal guts of an oauth token grant.
+//
+// It gets serialized, signed and stuffed into OAuthTokenGrantEnvelope, which
+// then also gets serialized to get the final blob with the grant. This blob is
+// then base64-encoded and returned to the caller of MintOAuthTokenGrant.
+type OAuthTokenGrantBody struct {
+	// Identifier of this token as generated by the token server.
+	//
+	// Used for logging and tracking purposes.
+	//
+	// TODO(vadimsh): It may later be used for revocation purposes.
+	SubtokenId int64 `protobuf:"varint,1,opt,name=subtoken_id,json=subtokenId" json:"subtoken_id,omitempty"`
+	// Service account identity the end user wants to act as.
+	//
+	// A string of the form "user:<email>".
+	ServiceAccount string `protobuf:"bytes,2,opt,name=service_account,json=serviceAccount" json:"service_account,omitempty"`
+	// Who requested this token and who can pass it to MintOAuthTokenViaGrant.
+	//
+	// A string of the form "user:<email>". On Swarming, this is Swarming's own
+	// service account name.
+	WielderIdentity string `protobuf:"bytes,3,opt,name=wielder_identity,json=wielderIdentity" json:"wielder_identity,omitempty"`
+	// An end user that wants to act as the service account (perhaps indirectly).
+	//
+	// A string of the form "user:<email>". On Swarming, this is an identity of
+	// a user that posted the task.
+	EndUserIdentity string `protobuf:"bytes,4,opt,name=end_user_identity,json=endUserIdentity" json:"end_user_identity,omitempty"`
+	// When the token was generated (and when it becomes valid).
+	IssuedAt *google_protobuf.Timestamp `protobuf:"bytes,5,opt,name=issued_at,json=issuedAt" json:"issued_at,omitempty"`
+	// How long the token is considered valid (in seconds).
+	//
+	// It may become invalid sooner if the token server policy changes and the
+	// new policy doesn't allow this token.
+	ValidityDuration int64 `protobuf:"varint,6,opt,name=validity_duration,json=validityDuration" json:"validity_duration,omitempty"`
+}
+
+func (m *OAuthTokenGrantBody) Reset()                    { *m = OAuthTokenGrantBody{} }
+func (m *OAuthTokenGrantBody) String() string            { return proto.CompactTextString(m) }
+func (*OAuthTokenGrantBody) ProtoMessage()               {}
+func (*OAuthTokenGrantBody) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{0} }
+
+func (m *OAuthTokenGrantBody) GetSubtokenId() int64 {
+	if m != nil {
+		return m.SubtokenId
+	}
+	return 0
+}
+
+func (m *OAuthTokenGrantBody) GetServiceAccount() string {
+	if m != nil {
+		return m.ServiceAccount
+	}
+	return ""
+}
+
+func (m *OAuthTokenGrantBody) GetWielderIdentity() string {
+	if m != nil {
+		return m.WielderIdentity
+	}
+	return ""
+}
+
+func (m *OAuthTokenGrantBody) GetEndUserIdentity() string {
+	if m != nil {
+		return m.EndUserIdentity
+	}
+	return ""
+}
+
+func (m *OAuthTokenGrantBody) GetIssuedAt() *google_protobuf.Timestamp {
+	if m != nil {
+		return m.IssuedAt
+	}
+	return nil
+}
+
+func (m *OAuthTokenGrantBody) GetValidityDuration() int64 {
+	if m != nil {
+		return m.ValidityDuration
+	}
+	return 0
+}
+
+// OAuthTokenGrantEnvelope is what is actually being serialized and send to
+// the callers of MintOAuthTokenGrant (after being encoded using base64 standard
+// raw encoding).
+type OAuthTokenGrantEnvelope struct {
+	TokenBody      []byte `protobuf:"bytes,1,opt,name=token_body,json=tokenBody,proto3" json:"token_body,omitempty"`
+	KeyId          string `protobuf:"bytes,2,opt,name=key_id,json=keyId" json:"key_id,omitempty"`
+	Pkcs1Sha256Sig []byte `protobuf:"bytes,3,opt,name=pkcs1_sha256_sig,json=pkcs1Sha256Sig,proto3" json:"pkcs1_sha256_sig,omitempty"`
+}
+
+func (m *OAuthTokenGrantEnvelope) Reset()                    { *m = OAuthTokenGrantEnvelope{} }
+func (m *OAuthTokenGrantEnvelope) String() string            { return proto.CompactTextString(m) }
+func (*OAuthTokenGrantEnvelope) ProtoMessage()               {}
+func (*OAuthTokenGrantEnvelope) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{1} }
+
+func (m *OAuthTokenGrantEnvelope) GetTokenBody() []byte {
+	if m != nil {
+		return m.TokenBody
+	}
+	return nil
+}
+
+func (m *OAuthTokenGrantEnvelope) GetKeyId() string {
+	if m != nil {
+		return m.KeyId
+	}
+	return ""
+}
+
+func (m *OAuthTokenGrantEnvelope) GetPkcs1Sha256Sig() []byte {
+	if m != nil {
+		return m.Pkcs1Sha256Sig
+	}
+	return nil
+}
+
+func init() {
+	proto.RegisterType((*OAuthTokenGrantBody)(nil), "tokenserver.OAuthTokenGrantBody")
+	proto.RegisterType((*OAuthTokenGrantEnvelope)(nil), "tokenserver.OAuthTokenGrantEnvelope")
+}
+
+func init() {
+	proto.RegisterFile("github.com/luci/luci-go/tokenserver/api/oauth_token_grant.proto", fileDescriptor1)
+}
+
+var fileDescriptor1 = []byte{
+	// 361 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x5c, 0x90, 0xcf, 0x6b, 0xdb, 0x30,
+	0x1c, 0x47, 0x71, 0xb2, 0x84, 0x45, 0x09, 0xf9, 0xa1, 0x31, 0x66, 0x02, 0x23, 0x21, 0x97, 0x79,
+	0x1b, 0xb3, 0x59, 0xc6, 0xb6, 0xe3, 0xc8, 0xd8, 0x28, 0x39, 0x15, 0x9c, 0xf4, 0x2c, 0x64, 0xeb,
+	0x5b, 0x5b, 0xd8, 0x91, 0x8c, 0x25, 0xa5, 0xf8, 0x7f, 0xe9, 0x1f, 0x5b, 0x2c, 0xd9, 0x10, 0x7a,
+	0xf1, 0xe1, 0xe9, 0x59, 0xe2, 0xf3, 0xd0, 0x9f, 0x8c, 0xeb, 0xdc, 0x24, 0x61, 0x2a, 0x2f, 0x51,
+	0x69, 0x52, 0x6e, 0x3f, 0xdf, 0x32, 0x19, 0x69, 0x59, 0x80, 0x50, 0x50, 0x5f, 0xa1, 0x8e, 0x68,
+	0xc5, 0x23, 0x49, 0x8d, 0xce, 0x89, 0xa5, 0x24, 0xab, 0xa9, 0xd0, 0x61, 0x55, 0x4b, 0x2d, 0xf1,
+	0xf4, 0x46, 0x5c, 0x6f, 0x32, 0x29, 0xb3, 0x12, 0x22, 0x7b, 0x94, 0x98, 0xc7, 0x48, 0xf3, 0x0b,
+	0x28, 0x4d, 0x2f, 0x95, 0xb3, 0x77, 0xcf, 0x03, 0xf4, 0xee, 0xfe, 0x60, 0x74, 0x7e, 0x6e, 0xff,
+	0xba, 0x6b, 0xef, 0xf9, 0x2b, 0x59, 0x83, 0x37, 0x68, 0xaa, 0x4c, 0xe2, 0x6e, 0xe7, 0xcc, 0xf7,
+	0xb6, 0x5e, 0x30, 0x8c, 0x51, 0x8f, 0x8e, 0x0c, 0x7f, 0x42, 0x8b, 0xf6, 0x0d, 0x9e, 0x02, 0xa1,
+	0x69, 0x2a, 0x8d, 0xd0, 0xfe, 0x60, 0xeb, 0x05, 0x93, 0x78, 0xde, 0xe1, 0x83, 0xa3, 0xf8, 0x33,
+	0x5a, 0x3e, 0x71, 0x28, 0x19, 0xd4, 0x84, 0x33, 0x10, 0x9a, 0xeb, 0xc6, 0x1f, 0x5a, 0x73, 0xd1,
+	0xf1, 0x63, 0x87, 0xf1, 0x17, 0xb4, 0x02, 0xc1, 0x88, 0x51, 0xb7, 0xee, 0x1b, 0xe7, 0x82, 0x60,
+	0x0f, 0xea, 0xc6, 0xfd, 0x8d, 0x26, 0x5c, 0x29, 0x03, 0x8c, 0x50, 0xed, 0x8f, 0xb6, 0x5e, 0x30,
+	0xdd, 0xaf, 0x43, 0xb7, 0x36, 0xec, 0xd7, 0x86, 0xe7, 0x7e, 0x6d, 0xfc, 0xd6, 0xc9, 0x07, 0x8d,
+	0xbf, 0xa2, 0xd5, 0x95, 0x96, 0x9c, 0x71, 0xdd, 0x10, 0x66, 0x6a, 0xaa, 0xb9, 0x14, 0xfe, 0xd8,
+	0xee, 0x5b, 0xf6, 0x07, 0xff, 0x3a, 0xbe, 0x6b, 0xd0, 0x87, 0x57, 0x75, 0xfe, 0x8b, 0x2b, 0x94,
+	0xb2, 0x02, 0xfc, 0x11, 0x21, 0x97, 0x27, 0x91, 0xac, 0xb1, 0x81, 0x66, 0xf1, 0xc4, 0x12, 0x1b,
+	0xf0, 0x3d, 0x1a, 0x17, 0xd0, 0xb4, 0xed, 0x5c, 0x96, 0x51, 0x01, 0xcd, 0x91, 0xe1, 0x00, 0x2d,
+	0xab, 0x22, 0x55, 0xdf, 0x89, 0xca, 0xe9, 0xfe, 0xe7, 0x2f, 0xa2, 0x78, 0x66, 0x6b, 0xcc, 0xe2,
+	0xb9, 0xe5, 0x27, 0x8b, 0x4f, 0x3c, 0x4b, 0xc6, 0x76, 0xc5, 0x8f, 0x97, 0x00, 0x00, 0x00, 0xff,
+	0xff, 0xdb, 0x00, 0x73, 0xba, 0x11, 0x02, 0x00, 0x00,
+}