
Side by Side Diff: tokenserver/api/admin/v1/admin.proto

Issue 2993763002: tokenserver: Extract rules check into a separate function. (Closed)
Patch Set: more nits Created 3 years, 4 months ago
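--- a/tokenserver/api/admin/v1/admin.proto
+++ b/tokenserver/api/admin/v1/admin.proto
@@ -1,21 +1,22 @@
 // Copyright 2016 The LUCI Authors. All rights reserved.
 // Use of this source code is governed under the Apache License, Version 2.0
 // that can be found in the LICENSE file.
 
 syntax = "proto3";
 
 package tokenserver.admin;
 
 import "google/protobuf/empty.proto";
 
 import "github.com/luci/luci-go/server/auth/delegation/messages/delegation.proto ";
+import "github.com/luci/luci-go/tokenserver/api/admin/v1/config.proto";
 import "github.com/luci/luci-go/tokenserver/api/machine_token.proto";
 import "github.com/luci/luci-go/tokenserver/api/oauth_token_grant.proto";
 
 
 // Admin service is used by service administrators to manage the server.
 service Admin {
 // ImportCAConfigs makes the server read 'tokenserver.cfg'.
 rpc ImportCAConfigs(google.protobuf.Empty) returns (ImportedConfigs);
 
 // ImportDelegationConfigs makes the server read 'delegation.cfg'.
@@ -217,21 +218,22 @@
 message InspectOAuthTokenGrantRequest {
 // The token body.
 string token = 1;
 }
 
 
 // InspectOAuthTokenGrantResponse is return value of InspectOAuthTokenGrant RPC.
 message InspectOAuthTokenGrantResponse {
 // True if the token is valid.
 //
-// A token is valid if its signature is correct and it hasn't expired yet.
+// A token is valid if its signature is correct, it hasn't expired yet and
+// token server rules still allow it.
 bool valid = 1;
 
 // Human readable summary of why token is invalid.
 //
 // Summarizes the rest of the fields of this struct. Set only if 'valid' is
 // false.
 string invalidity_reason = 2;
 
 // True if the token signature was verified.
 //
@@ -254,11 +256,19 @@
 // We use "non_" prefix to make default 'false' value safer.
 bool non_expired = 4;
 
 // ID of a token server private key used to sign the token.
 string signing_key_id = 5;
 
 // The deserialized token body.
 //
 // May be empty if token was malformed and couldn't be deserialized.
 tokenserver.OAuthTokenGrantBody token_body = 6;
+
+// The service_accounts.cfg rule that governs the service account usage.
+//
+// May be present even if the token is not allowed by it.
+admin.ServiceAccountRule matching_rule = 7;
+
+// True if current service_accounts.cfg rules allow this token.
+bool allowed_by_rules = 8;
 }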
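Review bot: The comment on `matching_rule` covers the case where a rule exists but rejects the token, yet it does not say what a caller sees when no service_accounts.cfg rule matches the service account at all. Presumably the field is then unset and `allowed_by_rules` keeps its default of false; if the server code (not visible here) confirms that, state it, e.g. `// Unset if no rule matches the service account; 'allowed_by_rules' is false then.` Since `valid` now also depends on the rules check, its comment could name `allowed_by_rules` next to the signature and expiry fields so callers do not treat those two alone as sufficient. As a style point, `admin.ServiceAccountRule` is a partially qualified name; `ServiceAccountRule` or `tokenserver.admin.ServiceAccountRule` would match the fully qualified `tokenserver.OAuthTokenGrantBody` above it, assuming config.proto declares the same package. Part of the message body (between old lines 237 and 254) is outside the visible hunks.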