auth: Remove "shared" aka "global" secrets.

server/auth/service/protocol/replication.proto

 // Copyright 2014 The Swarming Authors. All rights reserved.
 // Use of this source code is governed by the Apache v2.0 license that can be
 // that can be found in the LICENSE file.
 
 // This file is copied from luci-py.git:
 // appengine/components/components/auth/proto/replication.proto
-// Commit: fa51b14f344c2e31416f94b6f0d00e5129b4de3d
+// Commit: def5fc8357e1334184e34d08750c8a8ab17d3141
 //
 // Changes: renamed package to 'protocol'.
 
 // Messages for Primary <-> Replica auth DB replication protocol.
 // Used from both Primary side (i.e. auth_service) and Replica side (any service
 // that uses auth component).
 
 syntax = "proto2";
 
 package protocol;
@@ skipping 90 matching lines @@
   // When the group was modified last time. Microseconds since epoch.
   required int64 modified_ts = 8;
   // Who modified the group last time.
   required string modified_by = 9;
 
   // A name of the group that can modify or delete this group.
   optional string owners = 10;
 }
 
 
-// Some secret blob. Corresponds to AuthSecret entity in model.py.
-message AuthSecret {
-  // Name of the secret.
-  required string name = 1;
-  // Last several values of a secret, with current value in front.
-  repeated bytes values = 2;
-  // When secret was modified last time. Microseconds since epoch.
-  required int64 modified_ts = 3;
-  // Who modified the secret last time.
-  required string modified_by = 4;
-}
-
-
 // A named set of whitelisted IP addresses. Corresponds to AuthIPWhitelist
 // entity in model.py.
 message AuthIPWhitelist {
   // Name of the IP whitelist.
   required string name = 1;
 
   // The list of IP subnets.
   repeated string subnets = 2;
 
   // Human readable description.
@@ skipping 21 matching lines @@
   // Why the assignment was created.
   required string comment = 3;
   // When the assignment was created. Microseconds since epoch.
   required int64 created_ts = 4;
   // Who created the assignment.
   required string created_by = 5;
 }
 
 
 // An entire database of auth configuration that is being replicated.
-// Corresponds to AuthGlobalConfig entity in model.py, plus a list of all groups
-// and a list of global secrets.
 message AuthDB {
+  reserved 5; // used to be 'secrets', no longer used
+
   // OAuth2 client_id to use to mint new OAuth2 tokens.
   required string oauth_client_id = 1;
   // OAuth2 client secret. Not so secret really, since it's passed to clients.
   required string oauth_client_secret = 2;
   // Additional OAuth2 client_ids allowed to access the services.
   repeated string oauth_additional_client_ids = 3;
   // All groups.
   repeated AuthGroup groups = 4;
-  // Global secrets shared between services.
-  repeated AuthSecret secrets = 5;
   // All IP whitelists.
   repeated AuthIPWhitelist ip_whitelists = 6;
   // Mapping 'account -> IP whitlist to use for that account'.
   repeated AuthIPWhitelistAssignment ip_whitelist_assignments = 7;
   // URL of a token server to use to generate delegation tokens.
   optional string token_server_url = 8;
 }
 
 
 // Information about some particular revision of auth DB.
@@ skipping 63 matching lines @@
 
   // Overall status of the operation.
   required Status status = 1;
   // Revision known by Replica (set for APPLIED and SKIPPED statuses).
   optional AuthDBRevision current_revision = 2;
   // Present for TRANSIENT_ERROR and FATAL_ERROR statuses.
   optional ErrorCode error_code = 3;
   // Version of 'auth' component on Replica, see components/auth/version.py.
   optional string auth_code_version = 4;
 }