token-server: Add protos for new API for generating service account tokens.

tokenserver/api/oauth_token_grant.pb.go

Index: tokenserver/api/oauth_token_grant.pb.go
diff --git a/tokenserver/api/oauth_token_grant.pb.go b/tokenserver/api/oauth_token_grant.pb.go
new file mode 100644
index 0000000000000000000000000000000000000000..896067a94185a2545e7bc95bd823b08d205e5c3e
--- /dev/null
+++ b/tokenserver/api/oauth_token_grant.pb.go
@@ -0,0 +1,167 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: github.com/luci/luci-go/tokenserver/api/oauth_token_grant.proto
+
+package tokenserver
+
+import proto "github.com/golang/protobuf/proto"
+import fmt "fmt"
+import math "math"
+import google_protobuf "github.com/golang/protobuf/ptypes/timestamp"
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// OAuthTokenGrantBody contains the internal guts of an oauth token grant.
+//
+// It gets serialized, signed and stuffed into OAuthTokenGrantEnvelope, which
+// then also gets serialized to get the final blob with the grant. This blob is
+// then base64-encoded and returned to the caller of MintOAuthTokenGrant.
+type OAuthTokenGrantBody struct {
+	// Identifier of this token as generated by the token server.
+	//
+	// Used for logging and tracking purposes.
+	//
+	// TODO(vadimsh): It may later be used for revocation purposes.
+	TokenId int64 `protobuf:"varint,1,opt,name=token_id,json=tokenId" json:"token_id,omitempty"`
+	// Service account identity the end user wants to act as.
+	//
+	// A string of the form "user:<email>".
+	ServiceAccount string `protobuf:"bytes,2,opt,name=service_account,json=serviceAccount" json:"service_account,omitempty"`
+	// Who requested this token and who can pass it to MintOAuthTokenViaGrant.
+	//
+	// A string of the form "user:<email>". On Swarming, this is Swarming's own
+	// service account name.
+	WielderIdentity string `protobuf:"bytes,3,opt,name=wielder_identity,json=wielderIdentity" json:"wielder_identity,omitempty"`
+	// An end user that wants to act as the service account (perhaps indirectly).
+	//
+	// A string of the form "user:<email>". On Swarming, this is an identity of
+	// a user that posted the task.
+	EndUserIdentity string `protobuf:"bytes,4,opt,name=end_user_identity,json=endUserIdentity" json:"end_user_identity,omitempty"`
+	// When the token was generated (and when it becomes valid).
+	IssuedAt *google_protobuf.Timestamp `protobuf:"bytes,5,opt,name=issued_at,json=issuedAt" json:"issued_at,omitempty"`
+	// How long the token is considered valid (in seconds).
+	//
+	// It may become invalid sooner if the token server policy changes and the
+	// new policy doesn't allow this token.
+	ValidityDuration int64 `protobuf:"varint,6,opt,name=validity_duration,json=validityDuration" json:"validity_duration,omitempty"`
+}
+
+func (m *OAuthTokenGrantBody) Reset()                    { *m = OAuthTokenGrantBody{} }
+func (m *OAuthTokenGrantBody) String() string            { return proto.CompactTextString(m) }
+func (*OAuthTokenGrantBody) ProtoMessage()               {}
+func (*OAuthTokenGrantBody) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{0} }
+
+func (m *OAuthTokenGrantBody) GetTokenId() int64 {
+	if m != nil {
+		return m.TokenId
+	}
+	return 0
+}
+
+func (m *OAuthTokenGrantBody) GetServiceAccount() string {
+	if m != nil {
+		return m.ServiceAccount
+	}
+	return ""
+}
+
+func (m *OAuthTokenGrantBody) GetWielderIdentity() string {
+	if m != nil {
+		return m.WielderIdentity
+	}
+	return ""
+}
+
+func (m *OAuthTokenGrantBody) GetEndUserIdentity() string {
+	if m != nil {
+		return m.EndUserIdentity
+	}
+	return ""
+}
+
+func (m *OAuthTokenGrantBody) GetIssuedAt() *google_protobuf.Timestamp {
+	if m != nil {
+		return m.IssuedAt
+	}
+	return nil
+}
+
+func (m *OAuthTokenGrantBody) GetValidityDuration() int64 {
+	if m != nil {
+		return m.ValidityDuration
+	}
+	return 0
+}
+
+// OAuthTokenGrantEnvelope is what is actually being serialized and send to
+// the callers of MintOAuthTokenGrant (after being encoded using base64 standard
+// raw encoding).
+type OAuthTokenGrantEnvelope struct {
+	TokenBody      []byte `protobuf:"bytes,1,opt,name=token_body,json=tokenBody,proto3" json:"token_body,omitempty"`
+	KeyId          string `protobuf:"bytes,2,opt,name=key_id,json=keyId" json:"key_id,omitempty"`
+	Pkcs1Sha256Sig []byte `protobuf:"bytes,3,opt,name=pkcs1_sha256_sig,json=pkcs1Sha256Sig,proto3" json:"pkcs1_sha256_sig,omitempty"`
+}
+
+func (m *OAuthTokenGrantEnvelope) Reset()                    { *m = OAuthTokenGrantEnvelope{} }
+func (m *OAuthTokenGrantEnvelope) String() string            { return proto.CompactTextString(m) }
+func (*OAuthTokenGrantEnvelope) ProtoMessage()               {}
+func (*OAuthTokenGrantEnvelope) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{1} }
+
+func (m *OAuthTokenGrantEnvelope) GetTokenBody() []byte {
+	if m != nil {
+		return m.TokenBody
+	}
+	return nil
+}
+
+func (m *OAuthTokenGrantEnvelope) GetKeyId() string {
+	if m != nil {
+		return m.KeyId
+	}
+	return ""
+}
+
+func (m *OAuthTokenGrantEnvelope) GetPkcs1Sha256Sig() []byte {
+	if m != nil {
+		return m.Pkcs1Sha256Sig
+	}
+	return nil
+}
+
+func init() {
+	proto.RegisterType((*OAuthTokenGrantBody)(nil), "tokenserver.OAuthTokenGrantBody")
+	proto.RegisterType((*OAuthTokenGrantEnvelope)(nil), "tokenserver.OAuthTokenGrantEnvelope")
+}
+
+func init() {
+	proto.RegisterFile("github.com/luci/luci-go/tokenserver/api/oauth_token_grant.proto", fileDescriptor1)
+}
+
+var fileDescriptor1 = []byte{
+	// 360 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x5c, 0x90, 0x5d, 0x6b, 0xdb, 0x30,
+	0x18, 0x85, 0x71, 0xb2, 0x64, 0x89, 0x12, 0xf2, 0xa1, 0x31, 0xe6, 0x05, 0xc6, 0x42, 0x6e, 0xe6,
+	0x6d, 0xcc, 0x66, 0x19, 0xdb, 0x2e, 0x47, 0x46, 0x4b, 0xc9, 0x55, 0xc1, 0x49, 0xaf, 0x85, 0x6c,
+	0xbd, 0xb5, 0x85, 0x1d, 0xc9, 0x58, 0x52, 0x8a, 0xff, 0x48, 0x7f, 0x6f, 0xb1, 0xe4, 0x40, 0xe8,
+	0x8d, 0xc1, 0xcf, 0x7b, 0x74, 0xe0, 0x3c, 0xe8, 0x5f, 0xc6, 0x75, 0x6e, 0x92, 0x30, 0x95, 0xa7,
+	0xa8, 0x34, 0x29, 0xb7, 0x9f, 0x1f, 0x99, 0x8c, 0xb4, 0x2c, 0x40, 0x28, 0xa8, 0xcf, 0x50, 0x47,
+	0xb4, 0xe2, 0x91, 0xa4, 0x46, 0xe7, 0xc4, 0x52, 0x92, 0xd5, 0x54, 0xe8, 0xb0, 0xaa, 0xa5, 0x96,
+	0x78, 0x72, 0x15, 0x5c, 0x7d, 0xce, 0xa4, 0xcc, 0x4a, 0x88, 0xec, 0x29, 0x31, 0x8f, 0x91, 0xe6,
+	0x27, 0x50, 0x9a, 0x9e, 0x2a, 0x97, 0xde, 0x3c, 0xf7, 0xd0, 0xbb, 0xfb, 0x9d, 0xd1, 0xf9, 0xb1,
+	0x7d, 0x75, 0xd7, 0xf6, 0xfc, 0x97, 0xac, 0xc1, 0x1f, 0xd1, 0xc8, 0x55, 0x73, 0xe6, 0x7b, 0x6b,
+	0x2f, 0xe8, 0xc7, 0x6f, 0xed, 0xff, 0x9e, 0xe1, 0x2f, 0x68, 0xde, 0xb6, 0xf3, 0x14, 0x08, 0x4d,
+	0x53, 0x69, 0x84, 0xf6, 0x7b, 0x6b, 0x2f, 0x18, 0xc7, 0xb3, 0x0e, 0xef, 0x1c, 0xc5, 0x5f, 0xd1,
+	0xe2, 0x89, 0x43, 0xc9, 0xa0, 0x26, 0x9c, 0x81, 0xd0, 0x5c, 0x37, 0x7e, 0xdf, 0x26, 0xe7, 0x1d,
+	0xdf, 0x77, 0x18, 0x7f, 0x43, 0x4b, 0x10, 0x8c, 0x18, 0x75, 0x9d, 0x7d, 0xe3, 0xb2, 0x20, 0xd8,
+	0x83, 0xba, 0xca, 0xfe, 0x45, 0x63, 0xae, 0x94, 0x01, 0x46, 0xa8, 0xf6, 0x07, 0x6b, 0x2f, 0x98,
+	0x6c, 0x57, 0xa1, 0xdb, 0x19, 0x5e, 0x76, 0x86, 0xc7, 0xcb, 0xce, 0x78, 0xe4, 0xc2, 0x3b, 0x8d,
+	0xbf, 0xa3, 0xe5, 0x99, 0x96, 0x9c, 0x71, 0xdd, 0x10, 0x66, 0x6a, 0xaa, 0xb9, 0x14, 0xfe, 0xd0,
+	0x8e, 0x5b, 0x5c, 0x0e, 0x37, 0x1d, 0xdf, 0x34, 0xe8, 0xc3, 0x2b, 0x2f, 0xb7, 0xe2, 0x0c, 0xa5,
+	0xac, 0x00, 0x7f, 0x42, 0xc8, 0xb9, 0x49, 0x24, 0x6b, 0xac, 0x9d, 0x69, 0x3c, 0xb6, 0xc4, 0xaa,
+	0x7b, 0x8f, 0x86, 0x05, 0x34, 0xad, 0x38, 0xa7, 0x65, 0x50, 0x40, 0xb3, 0x67, 0x38, 0x40, 0x8b,
+	0xaa, 0x48, 0xd5, 0x4f, 0xa2, 0x72, 0xba, 0xfd, 0xfd, 0x87, 0x28, 0x9e, 0x59, 0x1b, 0xd3, 0x78,
+	0x66, 0xf9, 0xc1, 0xe2, 0x03, 0xcf, 0x92, 0xa1, 0x5d, 0xf1, 0xeb, 0x25, 0x00, 0x00, 0xff, 0xff,
+	0xf3, 0xd2, 0xcf, 0x20, 0x0b, 0x02, 0x00, 0x00,
+}