access

package
v0.0.0-...-51f9457 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 9, 2021 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package access contains Access service protocol.

Index

Constants

This section is empty.

Variables

View Source 
var File_go_chromium_org_luci_common_proto_access_access_proto protoreflect.FileDescriptor

Functions

func FileDescriptorSet 

func FileDescriptorSet() *descriptorpb.FileDescriptorSet

FileDescriptorSet returns a descriptor set for this proto package, which includes all defined services, and all transitive dependencies.

Will not return nil.

Do NOT modify the returned descriptor.

func RegisterAccessServer 

func RegisterAccessServer(s prpc.Registrar, srv AccessServer)

Types

type AccessClient 

type AccessClient interface {
	// PermittedActions returns a list of actions the requester can perform
	// on a given resource.
	PermittedActions(ctx context.Context, in *PermittedActionsRequest, opts ...grpc.CallOption) (*PermittedActionsResponse, error)
	// Description returns types of resources and actions that this service
	// supports.
	// It is intended to be used as self-documentation, for humans that play
	// with the API.
	// If the concepts returned by this RPC are internal, it should be restricted.
	Description(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*DescriptionResponse, error)
}

AccessClient is the client API for Access service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewAccessClient 

func NewAccessClient(cc grpc.ClientConnInterface) AccessClient

func NewAccessPRPCClient 

func NewAccessPRPCClient(client *prpc.Client) AccessClient

type AccessServer 

type AccessServer interface {
	// PermittedActions returns a list of actions the requester can perform
	// on a given resource.
	PermittedActions(context.Context, *PermittedActionsRequest) (*PermittedActionsResponse, error)
	// Description returns types of resources and actions that this service
	// supports.
	// It is intended to be used as self-documentation, for humans that play
	// with the API.
	// If the concepts returned by this RPC are internal, it should be restricted.
	Description(context.Context, *emptypb.Empty) (*DescriptionResponse, error)
}

AccessServer is the server API for Access service.

type DescriptionResponse 

type DescriptionResponse struct {

	// Resources is a list of resource types presented on the given service.
	Resources []*DescriptionResponse_ResourceDescription `protobuf:"bytes,1,rep,name=resources,proto3" json:"resources,omitempty"`
	// contains filtered or unexported fields
}

DescriptionResponse is the response message from Access.Description.

func (*DescriptionResponse) Descriptor deprecated 

func (*DescriptionResponse) Descriptor() ([]byte, []int)

Deprecated: Use DescriptionResponse.ProtoReflect.Descriptor instead.

func (*DescriptionResponse) GetResources 

func (x *DescriptionResponse) GetResources() []*DescriptionResponse_ResourceDescription

func (*DescriptionResponse) ProtoMessage 

func (*DescriptionResponse) ProtoMessage()

func (*DescriptionResponse) ProtoReflect 

func (x *DescriptionResponse) ProtoReflect() protoreflect.Message

func (*DescriptionResponse) Reset 

func (x *DescriptionResponse) Reset()

func (*DescriptionResponse) String 

func (x *DescriptionResponse) String() string

type DescriptionResponse_ResourceDescription 

type DescriptionResponse_ResourceDescription struct {

	// Kind identifies the resource type presented on the service.
	// Access.PermittedActions accepts one of resource kinds.
	// Example: "bucket" for buildbucket bucket, "package" for CIPD package.
	//
	// For implementers:
	// Kind must match regexp `^[a-z\-/]+$`.
	Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
	// Comment provides more info about the resource.
	Comment string `protobuf:"bytes,2,opt,name=comment,proto3" json:"comment,omitempty"`
	// Actions defines all possible actions that can be performed on this type
	// of resource.
	//
	// Map key is an action ID, unique within the resource.
	// It is referenced from Role.allowed_actions.
	//
	// For implementers:
	// ActionId must match regexp `^[A-Z\_]+$`.
	// Recommendations:
	// - "READ", not "GET"
	// - "DELETE", not "REMOVE"
	// - prefer concrete actions ("ADD_BUILD", "CHANGE_ACL", "INCREMENT") to
	//   abstract ones ("MODIFY", "WRITE", "UPDATE").
	Actions map[string]*DescriptionResponse_ResourceDescription_Action `` /* 155-byte string literal not displayed */
	// Roles maps a role id to a set of actions.
	// Access configurations are typically expressed with roles, not actions.
	//
	// For implementers:
	// Role IDs must match regexp `^[A-Z\_]+$`.
	// Recommendataion: if it makes sense, make role ID close to the action
	// names, e.g. READER can READ, SCHEDULER can SCHEDULE.
	Roles map[string]*DescriptionResponse_ResourceDescription_Role `` /* 151-byte string literal not displayed */
	// contains filtered or unexported fields
}

ResourceDescription is one resource type, e.g. buildbucket bucket or swarming pool.

func (*DescriptionResponse_ResourceDescription) Descriptor deprecated 

func (*DescriptionResponse_ResourceDescription) Descriptor() ([]byte, []int)

Deprecated: Use DescriptionResponse_ResourceDescription.ProtoReflect.Descriptor instead.

func (*DescriptionResponse_ResourceDescription) GetActions 

func (x *DescriptionResponse_ResourceDescription) GetActions() map[string]*DescriptionResponse_ResourceDescription_Action

func (*DescriptionResponse_ResourceDescription) GetComment 

func (x *DescriptionResponse_ResourceDescription) GetComment() string

func (*DescriptionResponse_ResourceDescription) GetKind 

func (x *DescriptionResponse_ResourceDescription) GetKind() string

func (*DescriptionResponse_ResourceDescription) GetRoles 

func (x *DescriptionResponse_ResourceDescription) GetRoles() map[string]*DescriptionResponse_ResourceDescription_Role

func (*DescriptionResponse_ResourceDescription) ProtoMessage 

func (*DescriptionResponse_ResourceDescription) ProtoMessage()

func (*DescriptionResponse_ResourceDescription) ProtoReflect 

func (x *DescriptionResponse_ResourceDescription) ProtoReflect() protoreflect.Message

func (*DescriptionResponse_ResourceDescription) Reset 

func (x *DescriptionResponse_ResourceDescription) Reset()

func (*DescriptionResponse_ResourceDescription) String 

func (x *DescriptionResponse_ResourceDescription) String() string

type DescriptionResponse_ResourceDescription_Action 

type DescriptionResponse_ResourceDescription_Action struct {

	// Comment provides more human-readable info about the action.
	Comment string `protobuf:"bytes,1,opt,name=comment,proto3" json:"comment,omitempty"`
	// contains filtered or unexported fields
}

Action describes what a user can do with a resource.

func (*DescriptionResponse_ResourceDescription_Action) Descriptor deprecated 

func (*DescriptionResponse_ResourceDescription_Action) Descriptor() ([]byte, []int)

Deprecated: Use DescriptionResponse_ResourceDescription_Action.ProtoReflect.Descriptor instead.

func (*DescriptionResponse_ResourceDescription_Action) GetComment 

func (x *DescriptionResponse_ResourceDescription_Action) GetComment() string

func (*DescriptionResponse_ResourceDescription_Action) ProtoMessage 

func (*DescriptionResponse_ResourceDescription_Action) ProtoMessage()

func (*DescriptionResponse_ResourceDescription_Action) ProtoReflect 

func (x *DescriptionResponse_ResourceDescription_Action) ProtoReflect() protoreflect.Message

func (*DescriptionResponse_ResourceDescription_Action) Reset 

func (x *DescriptionResponse_ResourceDescription_Action) Reset()

func (*DescriptionResponse_ResourceDescription_Action) String 

func (x *DescriptionResponse_ResourceDescription_Action) String() string

type DescriptionResponse_ResourceDescription_Role 

type DescriptionResponse_ResourceDescription_Role struct {

	// AllowedActions is a set of action IDs.
	// It defines what a role bearer can do with the resource.
	AllowedActions []string `protobuf:"bytes,1,rep,name=allowed_actions,json=allowedActions,proto3" json:"allowed_actions,omitempty"`
	// Comment provides more info about the role.
	Comment string `protobuf:"bytes,2,opt,name=comment,proto3" json:"comment,omitempty"`
	// contains filtered or unexported fields
}

Role is a named set of allowed actions.

func (*DescriptionResponse_ResourceDescription_Role) Descriptor deprecated 

func (*DescriptionResponse_ResourceDescription_Role) Descriptor() ([]byte, []int)

Deprecated: Use DescriptionResponse_ResourceDescription_Role.ProtoReflect.Descriptor instead.

func (*DescriptionResponse_ResourceDescription_Role) GetAllowedActions 

func (x *DescriptionResponse_ResourceDescription_Role) GetAllowedActions() []string

func (*DescriptionResponse_ResourceDescription_Role) GetComment 

func (x *DescriptionResponse_ResourceDescription_Role) GetComment() string

func (*DescriptionResponse_ResourceDescription_Role) ProtoMessage 

func (*DescriptionResponse_ResourceDescription_Role) ProtoMessage()

func (*DescriptionResponse_ResourceDescription_Role) ProtoReflect 

func (x *DescriptionResponse_ResourceDescription_Role) ProtoReflect() protoreflect.Message

func (*DescriptionResponse_ResourceDescription_Role) Reset 

func (x *DescriptionResponse_ResourceDescription_Role) Reset()

func (*DescriptionResponse_ResourceDescription_Role) String 

func (x *DescriptionResponse_ResourceDescription_Role) String() string

type PermittedActionsRequest 

type PermittedActionsRequest struct {

	// ResourceKind is one of Resource.kind values returned by Access.Description.
	// It identifies the type of the resource being checked.
	ResourceKind string `protobuf:"bytes,1,opt,name=resource_kind,json=resourceKind,proto3" json:"resource_kind,omitempty"`
	// ResourceIds identifies the resources presented on this service.
	// For example, for a buildbucket bucket it would be a bucket name
	// ("luci.chromium.try").
	// For a CIPD package it would be a full package name,
	// "infra/git/linux-amd64".
	ResourceIds []string `protobuf:"bytes,2,rep,name=resource_ids,json=resourceIds,proto3" json:"resource_ids,omitempty"`
	// contains filtered or unexported fields
}

PermittedActionsRequest is a request message to Access.PermittedActions.

Besides explicit fields in the message, there is an implicit parameter: the current identity which is defined by the "Authorization" OAuth 2.0 HTTP header and, optionally, LUCI-specific delegation token header.

func (*PermittedActionsRequest) Descriptor deprecated 

func (*PermittedActionsRequest) Descriptor() ([]byte, []int)

Deprecated: Use PermittedActionsRequest.ProtoReflect.Descriptor instead.

func (*PermittedActionsRequest) GetResourceIds 

func (x *PermittedActionsRequest) GetResourceIds() []string

func (*PermittedActionsRequest) GetResourceKind 

func (x *PermittedActionsRequest) GetResourceKind() string

func (*PermittedActionsRequest) ProtoMessage 

func (*PermittedActionsRequest) ProtoMessage()

func (*PermittedActionsRequest) ProtoReflect 

func (x *PermittedActionsRequest) ProtoReflect() protoreflect.Message

func (*PermittedActionsRequest) Reset 

func (x *PermittedActionsRequest) Reset()

func (*PermittedActionsRequest) String 

func (x *PermittedActionsRequest) String() string

type PermittedActionsResponse 

type PermittedActionsResponse struct {

	// Permitted maps a resource id to resource permissions.
	Permitted map[string]*PermittedActionsResponse_ResourcePermissions `` /* 159-byte string literal not displayed */
	// ValiditiyDuration specifies for how long clients may cache this
	// information.
	ValidityDuration *durationpb.Duration `protobuf:"bytes,2,opt,name=validity_duration,json=validityDuration,proto3" json:"validity_duration,omitempty"`
	// contains filtered or unexported fields
}

PermittedActionsResponse is the response message of the Accses.PermittedActions.

func (*PermittedActionsResponse) Descriptor deprecated 

func (*PermittedActionsResponse) Descriptor() ([]byte, []int)

Deprecated: Use PermittedActionsResponse.ProtoReflect.Descriptor instead.

func (*PermittedActionsResponse) GetPermitted 

func (x *PermittedActionsResponse) GetPermitted() map[string]*PermittedActionsResponse_ResourcePermissions

func (*PermittedActionsResponse) GetValidityDuration 

func (x *PermittedActionsResponse) GetValidityDuration() *durationpb.Duration

func (*PermittedActionsResponse) ProtoMessage 

func (*PermittedActionsResponse) ProtoMessage()

func (*PermittedActionsResponse) ProtoReflect 

func (x *PermittedActionsResponse) ProtoReflect() protoreflect.Message

func (*PermittedActionsResponse) Reset 

func (x *PermittedActionsResponse) Reset()

func (*PermittedActionsResponse) String 

func (x *PermittedActionsResponse) String() string

type PermittedActionsResponse_ResourcePermissions 

type PermittedActionsResponse_ResourcePermissions struct {

	// Actions is a list of action ids that the user can do on the resource.
	// For resources that do not exist, this list must be empty.
	Actions []string `protobuf:"bytes,1,rep,name=actions,proto3" json:"actions,omitempty"`
	// contains filtered or unexported fields
}

ResourcePermissions describes what is permitted on a single resource.

func (*PermittedActionsResponse_ResourcePermissions) Descriptor deprecated 

func (*PermittedActionsResponse_ResourcePermissions) Descriptor() ([]byte, []int)

Deprecated: Use PermittedActionsResponse_ResourcePermissions.ProtoReflect.Descriptor instead.

func (*PermittedActionsResponse_ResourcePermissions) GetActions 

func (x *PermittedActionsResponse_ResourcePermissions) GetActions() []string

func (*PermittedActionsResponse_ResourcePermissions) ProtoMessage 

func (*PermittedActionsResponse_ResourcePermissions) ProtoMessage()

func (*PermittedActionsResponse_ResourcePermissions) ProtoReflect 

func (x *PermittedActionsResponse_ResourcePermissions) ProtoReflect() protoreflect.Message

func (*PermittedActionsResponse_ResourcePermissions) Reset 

func (x *PermittedActionsResponse_ResourcePermissions) Reset()

func (*PermittedActionsResponse_ResourcePermissions) String 

func (x *PermittedActionsResponse_ResourcePermissions) String() string

type UnimplementedAccessServer 

type UnimplementedAccessServer struct {
}

UnimplementedAccessServer can be embedded to have forward compatible implementations.

func (*UnimplementedAccessServer) Description 

func (*UnimplementedAccessServer) Description(context.Context, *emptypb.Empty) (*DescriptionResponse, error)

func (*UnimplementedAccessServer) PermittedActions 

func (*UnimplementedAccessServer) PermittedActions(context.Context, *PermittedActionsRequest) (*PermittedActionsResponse, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.