Documentation ¶
Overview ¶
Package messages is a generated protocol buffer package.
It is generated from these files:
github.com/luci/luci-go/server/auth/delegation/messages/delegation.proto
It has these top-level messages:
DelegationToken Subtoken
Index ¶
- Variables
- type DelegationToken
- func (*DelegationToken) Descriptor() ([]byte, []int)
- func (m *DelegationToken) GetPkcs1Sha256Sig() []byte
- func (m *DelegationToken) GetSerializedSubtoken() []byte
- func (m *DelegationToken) GetSignerId() string
- func (m *DelegationToken) GetSigningKeyId() string
- func (*DelegationToken) ProtoMessage()
- func (m *DelegationToken) Reset()
- func (m *DelegationToken) String() string
- type Subtoken
- func (*Subtoken) Descriptor() ([]byte, []int)
- func (m *Subtoken) GetAudience() []string
- func (m *Subtoken) GetCreationTime() int64
- func (m *Subtoken) GetDelegatedIdentity() string
- func (m *Subtoken) GetKind() Subtoken_Kind
- func (m *Subtoken) GetRequestorIdentity() string
- func (m *Subtoken) GetServices() []string
- func (m *Subtoken) GetSubtokenId() int64
- func (m *Subtoken) GetValidityDuration() int32
- func (*Subtoken) ProtoMessage()
- func (m *Subtoken) Reset()
- func (m *Subtoken) String() string
- type Subtoken_Kind
Constants ¶
This section is empty.
Variables ¶
Functions ¶
This section is empty.
Types ¶
type DelegationToken ¶
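// DelegationToken is a signed serialized Subtoken.
//
// It is only an envelope that carries the serialized Subtoken message and its
// signature. Next ID: 6.
//
// NOTE(review): every field of the envelope is supplied by whoever presents
// the token. Nothing in this definition shows signer_id being covered by the
// signature, so a verifier should accept only signers it already trusts and
// check the signature before reading anything out of serialized_subtoken.
// Confirm against the verifying code.
type DelegationToken struct {
	// Identity of a service that signed this token.
	//
	// It can be a 'service:<app-id>' string or 'user:<service-account-email>'
	// string.
	//
	// In both cases the appropriate certificate store will be queried (via SSL)
	// for the public key to use for signature verification.
	SignerId string `protobuf:"bytes,2,opt,name=signer_id,json=signerId" json:"signer_id,omitempty"`
	// ID of a key used for making the signature.
	//
	// There can be multiple active keys at any moment in time: one used for new
	// signatures, and one being rotated out (but still valid for verification).
	//
	// The lifetime of the token indirectly depends on the lifetime of the signing
	// key, which is 24h. So delegation tokens can't live longer than 24h.
	SigningKeyId string `protobuf:"bytes,3,opt,name=signing_key_id,json=signingKeyId" json:"signing_key_id,omitempty"`
	// The signature: PKCS1_v1_5+SHA256(serialized_subtoken, signing_key_id).
	//
	// NOTE(review): this reads as a signature over serialized_subtoken made
	// with the key named by signing_key_id; whether signing_key_id is itself
	// part of the signed data is not stated here.
	Pkcs1Sha256Sig []byte `protobuf:"bytes,4,opt,name=pkcs1_sha256_sig,json=pkcs1Sha256Sig,proto3" json:"pkcs1_sha256_sig,omitempty"`
	// Serialized Subtoken message. Its signature is stored in pkcs1_sha256_sig.
	//
	// The signature is over these bytes as received, so verify them as-is
	// rather than over a re-serialized Subtoken.
	SerializedSubtoken []byte `protobuf:"bytes,5,opt,name=serialized_subtoken,json=serializedSubtoken,proto3" json:"serialized_subtoken,omitempty"`
}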
Signed serialized Subtoken.
This message is just an envelope that carries the serialized Subtoken message and its signature.
Next ID: 6.
func (*DelegationToken) Descriptor ¶
func (*DelegationToken) Descriptor() ([]byte, []int)
func (*DelegationToken) GetPkcs1Sha256Sig ¶
func (m *DelegationToken) GetPkcs1Sha256Sig() []byte
func (*DelegationToken) GetSerializedSubtoken ¶
func (m *DelegationToken) GetSerializedSubtoken() []byte
func (*DelegationToken) GetSignerId ¶
func (m *DelegationToken) GetSignerId() string
func (*DelegationToken) GetSigningKeyId ¶
func (m *DelegationToken) GetSigningKeyId() string
func (*DelegationToken) ProtoMessage ¶
func (*DelegationToken) ProtoMessage()
func (*DelegationToken) Reset ¶
func (m *DelegationToken) Reset()
func (*DelegationToken) String ¶
func (m *DelegationToken) String() string
type Subtoken ¶
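// Subtoken identifies who delegates what authority to whom, and where.
//
// Next ID: 9.
type Subtoken struct {
	// What kind of token is this.
	//
	// Defines how it can be used. See comments for Kind enum.
	Kind Subtoken_Kind `protobuf:"varint,8,opt,name=kind,enum=messages.Subtoken_Kind" json:"kind,omitempty"`
	// Identifier of this subtoken as generated by the token server.
	//
	// Used for logging and tracking purposes.
	SubtokenId int64 `protobuf:"varint,4,opt,name=subtoken_id,json=subtokenId" json:"subtoken_id,omitempty"`
	// Identity whose authority is delegated.
	//
	// A string of the form "user:<email>".
	DelegatedIdentity string `protobuf:"bytes,1,opt,name=delegated_identity,json=delegatedIdentity" json:"delegated_identity,omitempty"`
	// Who requested this token.
	//
	// This can match delegated_identity if the user is delegating their own
	// identity or it can be a different id if the token is actually
	// an impersonation token.
	RequestorIdentity string `protobuf:"bytes,7,opt,name=requestor_identity,json=requestorIdentity" json:"requestor_identity,omitempty"`
	// When the token was generated (and when it becomes valid).
	//
	// Number of seconds since epoch (Unix timestamp).
	CreationTime int64 `protobuf:"varint,2,opt,name=creation_time,json=creationTime" json:"creation_time,omitempty"`
	// How long the token is considered valid (in seconds).
	//
	// NOTE(review): this and creation_time are signed integers; a verifier
	// presumably has to reject negative values and compute the expiry in
	// int64. Confirm against the verifying code.
	ValidityDuration int32 `protobuf:"varint,3,opt,name=validity_duration,json=validityDuration" json:"validity_duration,omitempty"`
	// Who can present this token.
	//
	// Each item can be an identity string (e.g. "user:<email>"), a "group:<name>"
	// string, or special "*" string which means "Any bearer can use the token".
	//
	// With "*" the token is not bound to any presenter, so possession alone is
	// enough to use it; only the services list and the validity window still
	// limit it.
	Audience []string `protobuf:"bytes,5,rep,name=audience" json:"audience,omitempty"`
	// What services should accept this token.
	//
	// List of services (specified as service identities, e.g. "service:app-id")
	// that should accept this token. May also contain special "*" string, which
	// means "All services".
	Services []string `protobuf:"bytes,6,rep,name=services" json:"services,omitempty"`
}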
Identifies who delegates what authority to whom, and where.
Next ID: 9.
func (*Subtoken) GetKind ¶
func (m *Subtoken) GetKind() Subtoken_Kind
type Subtoken_Kind ¶
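// Subtoken_Kind says what kind of token a Subtoken is, which defines how the
// token can be used.
type Subtoken_Kind int32

const (
	// This is to catch old tokens that don't have 'kind' field yet.
	//
	// Tokens of this kind are interpreted as 'BEARER_DELEGATION_TOKEN' for now,
	// for compatibility. But eventually (when all backends are updated), they
	// will become invalid (and there will be no way to generate them). This is
	// needed to avoid old servers accidentally interpreting tokens of kind != 0
	// as BEARER_DELEGATION_TOKEN tokens.
	//
	// NOTE(review): 0 is also what an unset 'kind' field decodes to, so during
	// this compatibility period a token with no kind at all is accepted as a
	// bearer token.
	Subtoken_UNKNOWN_KIND Subtoken_Kind = 0
	// The token of this kind can be sent in X-Delegation-Token-V1 HTTP header.
	// The services will check all restrictions of the token, and will
	// authenticate requests as coming from 'delegated_identity'.
	Subtoken_BEARER_DELEGATION_TOKEN Subtoken_Kind = 1
)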
func (Subtoken_Kind) EnumDescriptor ¶
func (Subtoken_Kind) EnumDescriptor() ([]byte, []int)
func (Subtoken_Kind) String ¶
func (x Subtoken_Kind) String() string