| OLD | NEW |
| 1 // Copyright 2016 The LUCI Authors. All rights reserved. | 1 // Copyright 2016 The LUCI Authors. All rights reserved. |
| 2 // Use of this source code is governed under the Apache License, Version 2.0 | 2 // Use of this source code is governed under the Apache License, Version 2.0 |
| 3 // that can be found in the LICENSE file. | 3 // that can be found in the LICENSE file. |
| 4 | 4 |
| 5 syntax = "proto3"; | 5 syntax = "proto3"; |
| 6 | 6 |
| 7 package tokenserver.admin; | 7 package tokenserver.admin; |
| 8 | 8 |
| 9 | 9 |
| 10 // TokenServerConfig is read from tokenserver.cfg in luci-config. | 10 // TokenServerConfig is read from tokenserver.cfg in luci-config. |
| 25 // ("c.chromecompute.google.com.internal"), searches for a domain name in | 25 // ("c.chromecompute.google.com.internal"), searches for a domain name in |
| 26 // "known_domains" set, and, if it is present, uses parameters described there | 26 // "known_domains" set, and, if it is present, uses parameters described there |
| 27 // for generating a token that contains machine's FQDN and certificate serial | 27 // for generating a token that contains machine's FQDN and certificate serial |
| 28 // number (among other things, see MachineTokenBody in machine_token.proto). | 28 // number (among other things, see MachineTokenBody in machine_token.proto). |
| 29 message CertificateAuthorityConfig { | 29 message CertificateAuthorityConfig { |
| 30 int64 unique_id = 6; // ID of this CA, will be embedded into tokens. | 30 int64 unique_id = 6; // ID of this CA, will be embedded into tokens. |
| 31 string cn = 1; // CA Common Name, must match Subject CN in the cert | 31 string cn = 1; // CA Common Name, must match Subject CN in the cert |
| 32 string cert_path = 2; // path to the root certificate file in luci-config | 32 string cert_path = 2; // path to the root certificate file in luci-config |
| 33 string crl_url = 3; // where to fetch CRL from | 33 string crl_url = 3; // where to fetch CRL from |
| 34 bool use_oauth = 4; // true to send Authorization header when fetching CRL | 34 bool use_oauth = 4; // true to send Authorization header when fetching CRL |
| 35 repeated string oauth_scopes = 7; // OAuth scopes to use when fetching CRL |
| 35 | 36 |
| 36 // KnownDomains describes parameters to use for each particular domain. | 37 // KnownDomains describes parameters to use for each particular domain. |
| 37 repeated DomainConfig known_domains = 5; | 38 repeated DomainConfig known_domains = 5; |
| 38 } | 39 } |
| 39 | 40 |
| 40 | 41 |
| 41 // DomainConfig is used inside CertificateAuthorityConfig. | 42 // DomainConfig is used inside CertificateAuthorityConfig. |
| 42 message DomainConfig { | 43 message DomainConfig { |
| 43 reserved 2, 3, 4, 6; // deleted fields, do not reuse. | 44 reserved 2, 3, 4, 6; // deleted fields, do not reuse. |
| 44 | 45 |
| 176 // ServiceAccountRule describes a single allowed case of using service accounts. | 177 // ServiceAccountRule describes a single allowed case of using service accounts. |
| 177 // | 178 // |
| 178 // TODO(vadimsh): Implement. | 179 // TODO(vadimsh): Implement. |
| 179 message ServiceAccountRule { | 180 message ServiceAccountRule { |
| 180 // A descriptive name of this rule, for the audit log. | 181 // A descriptive name of this rule, for the audit log. |
| 181 string name = 1; | 182 string name = 1; |
| 182 | 183 |
| 183 // Email of developers that owns this rule, to know who to contact. | 184 // Email of developers that owns this rule, to know who to contact. |
| 184 repeated string owner = 2; | 185 repeated string owner = 2; |
| 185 } | 186 } |
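Review bot: The new `oauth_scopes` field (new line 35, in CertificateAuthorityConfig) does not document how it interacts with `use_oauth`: which scopes apply when `use_oauth` is true and the list is empty, and whether a non-empty list is ignored or rejected when `use_oauth` is false. These scopes decide what the access token sent to `crl_url` is good for, so the comment should also steer operators to the narrowest scope the CRL endpoint accepts, since a broadly scoped bearer token is usable by whoever operates or intercepts that endpoint. Suggested wording, if it matches the implementation: `// OAuth scopes for the token sent when fetching CRL; used only if use_oauth is true. Keep to the minimum the CRL endpoint requires.`, plus one sentence stating the empty-list behaviour. The config validation code is not visible on this page; if it does not already, it could reject `oauth_scopes` set without `use_oauth`, and a non-HTTPS `crl_url` when `use_oauth` is true.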