Documentation ¶
Overview ¶
Package configspb defines configs that are used by auth service.
Index ¶
- Variables
- type GroupImporterConfig
- func (*GroupImporterConfig) Descriptor() ([]byte, []int)deprecated
- func (x *GroupImporterConfig) GetTarballUpload() []*GroupImporterConfig_TarballUploadEntry
- func (*GroupImporterConfig) ProtoMessage()
- func (x *GroupImporterConfig) ProtoReflect() protoreflect.Message
- func (x *GroupImporterConfig) Reset()
- func (x *GroupImporterConfig) String() string
- type GroupImporterConfig_TarballUploadEntry
- func (*GroupImporterConfig_TarballUploadEntry) Descriptor() ([]byte, []int)deprecated
- func (x *GroupImporterConfig_TarballUploadEntry) GetAuthorizedUploader() []string
- func (x *GroupImporterConfig_TarballUploadEntry) GetDomain() string
- func (x *GroupImporterConfig_TarballUploadEntry) GetGroups() []string
- func (x *GroupImporterConfig_TarballUploadEntry) GetName() string
- func (x *GroupImporterConfig_TarballUploadEntry) GetSystems() []string
- func (*GroupImporterConfig_TarballUploadEntry) ProtoMessage()
- func (x *GroupImporterConfig_TarballUploadEntry) ProtoReflect() protoreflect.Message
- func (x *GroupImporterConfig_TarballUploadEntry) Reset()
- func (x *GroupImporterConfig_TarballUploadEntry) String() string
- type IPAllowlistConfig
- func (*IPAllowlistConfig) Descriptor() ([]byte, []int)deprecated
- func (x *IPAllowlistConfig) GetAssignments() []*IPAllowlistConfig_Assignment
- func (x *IPAllowlistConfig) GetIpAllowlists() []*IPAllowlistConfig_IPAllowlist
- func (*IPAllowlistConfig) ProtoMessage()
- func (x *IPAllowlistConfig) ProtoReflect() protoreflect.Message
- func (x *IPAllowlistConfig) Reset()
- func (x *IPAllowlistConfig) String() string
- type IPAllowlistConfig_Assignment
- func (*IPAllowlistConfig_Assignment) Descriptor() ([]byte, []int)deprecated
- func (x *IPAllowlistConfig_Assignment) GetIdentity() string
- func (x *IPAllowlistConfig_Assignment) GetIpAllowlistName() string
- func (*IPAllowlistConfig_Assignment) ProtoMessage()
- func (x *IPAllowlistConfig_Assignment) ProtoReflect() protoreflect.Message
- func (x *IPAllowlistConfig_Assignment) Reset()
- func (x *IPAllowlistConfig_Assignment) String() string
- type IPAllowlistConfig_IPAllowlist
- func (*IPAllowlistConfig_IPAllowlist) Descriptor() ([]byte, []int)deprecated
- func (x *IPAllowlistConfig_IPAllowlist) GetIncludes() []string
- func (x *IPAllowlistConfig_IPAllowlist) GetName() string
- func (x *IPAllowlistConfig_IPAllowlist) GetSubnets() []string
- func (*IPAllowlistConfig_IPAllowlist) ProtoMessage()
- func (x *IPAllowlistConfig_IPAllowlist) ProtoReflect() protoreflect.Message
- func (x *IPAllowlistConfig_IPAllowlist) Reset()
- func (x *IPAllowlistConfig_IPAllowlist) String() string
- type OAuthConfig
- func (*OAuthConfig) Descriptor() ([]byte, []int)deprecated
- func (x *OAuthConfig) GetClientIds() []string
- func (x *OAuthConfig) GetPrimaryClientId() string
- func (x *OAuthConfig) GetPrimaryClientSecret() string
- func (x *OAuthConfig) GetTokenServerUrl() string
- func (*OAuthConfig) ProtoMessage()
- func (x *OAuthConfig) ProtoReflect() protoreflect.Message
- func (x *OAuthConfig) Reset()
- func (x *OAuthConfig) String() string
- type PermissionsConfig
- func (*PermissionsConfig) Descriptor() ([]byte, []int)deprecated
- func (x *PermissionsConfig) GetAttribute() []string
- func (x *PermissionsConfig) GetRole() []*PermissionsConfig_Role
- func (*PermissionsConfig) ProtoMessage()
- func (x *PermissionsConfig) ProtoReflect() protoreflect.Message
- func (x *PermissionsConfig) Reset()
- func (x *PermissionsConfig) String() string
- type PermissionsConfig_Role
- func (*PermissionsConfig_Role) Descriptor() ([]byte, []int)deprecated
- func (x *PermissionsConfig_Role) GetIncludes() []string
- func (x *PermissionsConfig_Role) GetName() string
- func (x *PermissionsConfig_Role) GetPermissions() []*protocol.Permission
- func (*PermissionsConfig_Role) ProtoMessage()
- func (x *PermissionsConfig_Role) ProtoReflect() protoreflect.Message
- func (x *PermissionsConfig_Role) Reset()
- func (x *PermissionsConfig_Role) String() string
- type SettingsCfg
- func (*SettingsCfg) Descriptor() ([]byte, []int)deprecated
- func (x *SettingsCfg) GetAuthDbGsPath() string
- func (x *SettingsCfg) GetEnableTsMonitoring() bool
- func (*SettingsCfg) ProtoMessage()
- func (x *SettingsCfg) ProtoReflect() protoreflect.Message
- func (x *SettingsCfg) Reset()
- func (x *SettingsCfg) String() string
Constants ¶
This section is empty.
Variables ¶
var File_go_chromium_org_luci_auth_service_api_configspb_config_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type GroupImporterConfig ¶
// GroupImporterConfig is the configuration of groups imported from external
// sources. It is provided via the 'imports.cfg' config file.
type GroupImporterConfig struct {
	// TarballUpload lists the tarball uploads the service accepts. Each entry
	// carries its own list of authorized uploaders (see
	// GroupImporterConfig_TarballUploadEntry.AuthorizedUploader).
	TarballUpload []*GroupImporterConfig_TarballUploadEntry `protobuf:"bytes,3,rep,name=tarball_upload,json=tarballUpload,proto3" json:"tarball_upload,omitempty"`
	// contains filtered or unexported fields
}
Configuration of groups imported from external sources.
Provided via 'imports.cfg' config file.
func (*GroupImporterConfig) Descriptor
deprecated
func (*GroupImporterConfig) Descriptor() ([]byte, []int)
Deprecated: Use GroupImporterConfig.ProtoReflect.Descriptor instead.
func (*GroupImporterConfig) GetTarballUpload ¶
func (x *GroupImporterConfig) GetTarballUpload() []*GroupImporterConfig_TarballUploadEntry
func (*GroupImporterConfig) ProtoMessage ¶
func (*GroupImporterConfig) ProtoMessage()
func (*GroupImporterConfig) ProtoReflect ¶
func (x *GroupImporterConfig) ProtoReflect() protoreflect.Message
func (*GroupImporterConfig) Reset ¶
func (x *GroupImporterConfig) Reset()
func (*GroupImporterConfig) String ¶
func (x *GroupImporterConfig) String() string
type GroupImporterConfig_TarballUploadEntry ¶
// GroupImporterConfig_TarballUploadEntry accepts a tarball upload from some
// external service. The tarball is pushed to the service via PUT to
// /auth_service/api/v1/importer/ingest_tarball/<name>.
type GroupImporterConfig_TarballUploadEntry struct {
	// Identifies this particular entry. Used in push API requests.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Service account emails that are allowed to do this push. The field is
	// repeated, so an entry can authorize more than one uploader.
	//
	// NOTE(review): an authorized uploader decides the full group list of
	// every system named in Systems, removals included, so keep this list to
	// the accounts that actually perform the push.
	AuthorizedUploader []string `protobuf:"bytes,2,rep,name=authorized_uploader,json=authorizedUploader,proto3" json:"authorized_uploader,omitempty"`
	// Email domain to append to imported identities.
	Domain string `protobuf:"bytes,3,opt,name=domain,proto3" json:"domain,omitempty"`
	// List of group systems expected to be found in the archive. They act as
	// prefixes to group names, e.g. 'ldap'. Each system corresponds to
	// a subdirectory in the tarball. Each tarball may have groups from multiple
	// external systems, but groups from some external system must not be split
	// between multiple tarballs. When importer sees <group system name>/* in
	// a tarball, it modifies group list from that system on the auth_service to
	// match group list in the tarball _exactly_. For example it removes groups
	// that are on the server, but no longer present in the tarball.
	//
	// NOTE(review): the exact-match sync means an incomplete tarball deletes
	// the groups it leaves out. Whether the importer guards against a
	// truncated or partial archive is not visible here; confirm in the
	// importer.
	Systems []string `protobuf:"bytes,4,rep,name=systems,proto3" json:"systems,omitempty"`
	// List of groups to import from the tarball (as filenames relative to
	// tarball root, e.g. 'ldap/some-group'). If empty, imports all groups in
	// the tarball.
	//
	// The empty value is the least restrictive one: leaving Groups unset
	// imports everything the uploader ships.
	Groups []string `protobuf:"bytes,5,rep,name=groups,proto3" json:"groups,omitempty"`
	// contains filtered or unexported fields
}
Accept a tarball upload from some external service.
The tarball is pushed to the service (via PUT to /auth_service/api/v1/importer/ingest_tarball/<name>).
func (*GroupImporterConfig_TarballUploadEntry) Descriptor
deprecated
func (*GroupImporterConfig_TarballUploadEntry) Descriptor() ([]byte, []int)
Deprecated: Use GroupImporterConfig_TarballUploadEntry.ProtoReflect.Descriptor instead.
func (*GroupImporterConfig_TarballUploadEntry) GetAuthorizedUploader ¶
func (x *GroupImporterConfig_TarballUploadEntry) GetAuthorizedUploader() []string
func (*GroupImporterConfig_TarballUploadEntry) GetDomain ¶
func (x *GroupImporterConfig_TarballUploadEntry) GetDomain() string
func (*GroupImporterConfig_TarballUploadEntry) GetGroups ¶
func (x *GroupImporterConfig_TarballUploadEntry) GetGroups() []string
func (*GroupImporterConfig_TarballUploadEntry) GetName ¶
func (x *GroupImporterConfig_TarballUploadEntry) GetName() string
func (*GroupImporterConfig_TarballUploadEntry) GetSystems ¶
func (x *GroupImporterConfig_TarballUploadEntry) GetSystems() []string
func (*GroupImporterConfig_TarballUploadEntry) ProtoMessage ¶
func (*GroupImporterConfig_TarballUploadEntry) ProtoMessage()
func (*GroupImporterConfig_TarballUploadEntry) ProtoReflect ¶
func (x *GroupImporterConfig_TarballUploadEntry) ProtoReflect() protoreflect.Message
func (*GroupImporterConfig_TarballUploadEntry) Reset ¶
func (x *GroupImporterConfig_TarballUploadEntry) Reset()
func (*GroupImporterConfig_TarballUploadEntry) String ¶
func (x *GroupImporterConfig_TarballUploadEntry) String() string
type IPAllowlistConfig ¶
// IPAllowlistConfig holds a set of named IP allowlists and a mapping from
// identity name to the IP allowlist that identity is restricted to.
type IPAllowlistConfig struct {
	// A set of named subnets.
	IpAllowlists []*IPAllowlistConfig_IPAllowlist `protobuf:"bytes,1,rep,name=ip_allowlists,json=ipAllowlists,proto3" json:"ip_allowlists,omitempty"`
	// A mapping "identity name -> IP allowlist name".
	//
	// NOTE(review): how an identity with no assignment is treated is not
	// stated here; confirm whether it is unrestricted or denied.
	Assignments []*IPAllowlistConfig_Assignment `protobuf:"bytes,2,rep,name=assignments,proto3" json:"assignments,omitempty"`
	// contains filtered or unexported fields
}
IP allowlists config: a set of named IP allowlists and a mapping from each identity name to the IP allowlist that identity is restricted to.
func (*IPAllowlistConfig) Descriptor
deprecated
func (*IPAllowlistConfig) Descriptor() ([]byte, []int)
Deprecated: Use IPAllowlistConfig.ProtoReflect.Descriptor instead.
func (*IPAllowlistConfig) GetAssignments ¶
func (x *IPAllowlistConfig) GetAssignments() []*IPAllowlistConfig_Assignment
func (*IPAllowlistConfig) GetIpAllowlists ¶
func (x *IPAllowlistConfig) GetIpAllowlists() []*IPAllowlistConfig_IPAllowlist
func (*IPAllowlistConfig) ProtoMessage ¶
func (*IPAllowlistConfig) ProtoMessage()
func (*IPAllowlistConfig) ProtoReflect ¶
func (x *IPAllowlistConfig) ProtoReflect() protoreflect.Message
func (*IPAllowlistConfig) Reset ¶
func (x *IPAllowlistConfig) Reset()
func (*IPAllowlistConfig) String ¶
func (x *IPAllowlistConfig) String() string
type IPAllowlistConfig_Assignment ¶
// IPAllowlistConfig_Assignment is one entry of the "identity name -> IP
// allowlist name" mapping: it restricts a single identity to the named
// allowlist.
type IPAllowlistConfig_Assignment struct {
	// Identity to restrict IPs to.
	Identity string `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
	// Name of the corresponding IPAllowlist with a set of subnets.
	//
	// NOTE(review): what happens when this name matches no defined
	// IPAllowlist is not shown here; confirm that config validation rejects
	// a dangling reference.
	IpAllowlistName string `protobuf:"bytes,2,opt,name=ip_allowlist_name,json=ipAllowlistName,proto3" json:"ip_allowlist_name,omitempty"`
	// contains filtered or unexported fields
}
func (*IPAllowlistConfig_Assignment) Descriptor
deprecated
func (*IPAllowlistConfig_Assignment) Descriptor() ([]byte, []int)
Deprecated: Use IPAllowlistConfig_Assignment.ProtoReflect.Descriptor instead.
func (*IPAllowlistConfig_Assignment) GetIdentity ¶
func (x *IPAllowlistConfig_Assignment) GetIdentity() string
func (*IPAllowlistConfig_Assignment) GetIpAllowlistName ¶
func (x *IPAllowlistConfig_Assignment) GetIpAllowlistName() string
func (*IPAllowlistConfig_Assignment) ProtoMessage ¶
func (*IPAllowlistConfig_Assignment) ProtoMessage()
func (*IPAllowlistConfig_Assignment) ProtoReflect ¶
func (x *IPAllowlistConfig_Assignment) ProtoReflect() protoreflect.Message
func (*IPAllowlistConfig_Assignment) Reset ¶
func (x *IPAllowlistConfig_Assignment) Reset()
func (*IPAllowlistConfig_Assignment) String ¶
func (x *IPAllowlistConfig_Assignment) String() string
type IPAllowlistConfig_IPAllowlist ¶
// IPAllowlistConfig_IPAllowlist is a named list of subnets that can also pull
// in other allowlists by name.
type IPAllowlistConfig_IPAllowlist struct {
	// Name of the IP allowlist.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// List of subnets.
	//
	// NOTE(review): the accepted subnet syntax is not stated here
	// (presumably CIDR notation); confirm against the config validator.
	Subnets []string `protobuf:"bytes,2,rep,name=subnets,proto3" json:"subnets,omitempty"`
	// Names of other IPAllowlist entities to include.
	//
	// NOTE(review): presumably the effective allowlist is this entry's
	// subnets plus those of every included entry, so review the included
	// lists when auditing this one. TODO confirm.
	Includes []string `protobuf:"bytes,3,rep,name=includes,proto3" json:"includes,omitempty"`
	// contains filtered or unexported fields
}
func (*IPAllowlistConfig_IPAllowlist) Descriptor
deprecated
func (*IPAllowlistConfig_IPAllowlist) Descriptor() ([]byte, []int)
Deprecated: Use IPAllowlistConfig_IPAllowlist.ProtoReflect.Descriptor instead.
func (*IPAllowlistConfig_IPAllowlist) GetIncludes ¶
func (x *IPAllowlistConfig_IPAllowlist) GetIncludes() []string
func (*IPAllowlistConfig_IPAllowlist) GetName ¶
func (x *IPAllowlistConfig_IPAllowlist) GetName() string
func (*IPAllowlistConfig_IPAllowlist) GetSubnets ¶
func (x *IPAllowlistConfig_IPAllowlist) GetSubnets() []string
func (*IPAllowlistConfig_IPAllowlist) ProtoMessage ¶
func (*IPAllowlistConfig_IPAllowlist) ProtoMessage()
func (*IPAllowlistConfig_IPAllowlist) ProtoReflect ¶
func (x *IPAllowlistConfig_IPAllowlist) ProtoReflect() protoreflect.Message
func (*IPAllowlistConfig_IPAllowlist) Reset ¶
func (x *IPAllowlistConfig_IPAllowlist) Reset()
func (*IPAllowlistConfig_IPAllowlist) String ¶
func (x *IPAllowlistConfig_IPAllowlist) String() string
type OAuthConfig ¶
// OAuthConfig is the global OAuth config: the client_id allowlist and the
// token server URL. It is provided via the 'oauth.cfg' config file and is kept
// as a legacy config for clients that still rely on it.
type OAuthConfig struct {
	// ClientID returned by /auth/api/v1/server/oauth_config endpoint to clients.
	PrimaryClientId string `protobuf:"bytes,1,opt,name=primary_client_id,json=primaryClientId,proto3" json:"primary_client_id,omitempty"`
	// Client secret (that's not really a secret, since it is visible) returned
	// by /auth/api/v1/server/oauth_config endpoint to clients. Corresponding
	// callback URL must be localhost or urn:ietf:wg:oauth:2.0:oob.
	//
	// Because the value is served to clients, treat it as public: it must not
	// be the secret of a client that relies on secrecy, and nothing should
	// authenticate a caller on the strength of knowing it.
	PrimaryClientSecret string `protobuf:"bytes,2,opt,name=primary_client_secret,json=primaryClientSecret,proto3" json:"primary_client_secret,omitempty"`
	// Allowlist of all accepted client_ids (in addition to the primary one).
	ClientIds []string `protobuf:"bytes,3,rep,name=client_ids,json=clientIds,proto3" json:"client_ids,omitempty"`
	// URL of a token server to use to generate delegation tokens.
	TokenServerUrl string `protobuf:"bytes,4,opt,name=token_server_url,json=tokenServerUrl,proto3" json:"token_server_url,omitempty"`
	// contains filtered or unexported fields
}
Legacy config, maintained to support clients that still use https://crsrc.org/i/luci/client/utils/oauth.py;l=419;drc=173496da114efb94dceedb58e588b9c58dabc5e9
Global config. Includes OAuth client_id allowlist and token server URL.
Provided via 'oauth.cfg' config file.
func (*OAuthConfig) Descriptor
deprecated
func (*OAuthConfig) Descriptor() ([]byte, []int)
Deprecated: Use OAuthConfig.ProtoReflect.Descriptor instead.
func (*OAuthConfig) GetClientIds ¶
func (x *OAuthConfig) GetClientIds() []string
func (*OAuthConfig) GetPrimaryClientId ¶
func (x *OAuthConfig) GetPrimaryClientId() string
func (*OAuthConfig) GetPrimaryClientSecret ¶
func (x *OAuthConfig) GetPrimaryClientSecret() string
func (*OAuthConfig) GetTokenServerUrl ¶
func (x *OAuthConfig) GetTokenServerUrl() string
func (*OAuthConfig) ProtoMessage ¶
func (*OAuthConfig) ProtoMessage()
func (*OAuthConfig) ProtoReflect ¶
func (x *OAuthConfig) ProtoReflect() protoreflect.Message
func (*OAuthConfig) Reset ¶
func (x *OAuthConfig) Reset()
func (*OAuthConfig) String ¶
func (x *OAuthConfig) String() string
type PermissionsConfig ¶
// PermissionsConfig defines the list of roles and their respective
// permissions. It is provided via the 'permissions.cfg' config file.
type PermissionsConfig struct {
	// Representation of all defined roles.
	Role []*PermissionsConfig_Role `protobuf:"bytes,1,rep,name=role,proto3" json:"role,omitempty"`
	// Defines attributes that can be referenced in certain conditions.
	Attribute []string `protobuf:"bytes,2,rep,name=attribute,proto3" json:"attribute,omitempty"`
	// contains filtered or unexported fields
}
Provided via 'permissions.cfg' config file. Defines the list of roles and their respective permissions.
func (*PermissionsConfig) Descriptor
deprecated
func (*PermissionsConfig) Descriptor() ([]byte, []int)
Deprecated: Use PermissionsConfig.ProtoReflect.Descriptor instead.
func (*PermissionsConfig) GetAttribute ¶
func (x *PermissionsConfig) GetAttribute() []string
func (*PermissionsConfig) GetRole ¶
func (x *PermissionsConfig) GetRole() []*PermissionsConfig_Role
func (*PermissionsConfig) ProtoMessage ¶
func (*PermissionsConfig) ProtoMessage()
func (*PermissionsConfig) ProtoReflect ¶
func (x *PermissionsConfig) ProtoReflect() protoreflect.Message
func (*PermissionsConfig) Reset ¶
func (x *PermissionsConfig) Reset()
func (*PermissionsConfig) String ¶
func (x *PermissionsConfig) String() string
type PermissionsConfig_Role ¶
// PermissionsConfig_Role defines a role that includes given permissions and
// other roles. The role should not have been defined before. To include this
// role into another role, refer to it by name.
type PermissionsConfig_Role struct {
	// Identifier for a role, will have the form <prefix><project>.<noun>
	//
	// examples:
	//
	//	"role/exampleproject.reader"
	//	"role/exampleproject.owner"
	//
	// Prefixes:
	//
	//	"role/" -- role names defined in Auth service code.
	//	"customRole/" -- role names that can be defined in user-supplied realms.cfg.
	//	"role/luci.internal." -- internally used roles that are forbidden in realms.cfg.
	//
	// NOTE(review): where the prefix rules are enforced is not visible here;
	// confirm that realms.cfg validation rejects "role/luci.internal." names.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// List of permissions associated with this role, same permission may not be
	// declared more than once per role.
	// Permissions should be of the form: <service>.<subject>.<verb>
	Permissions []*protocol.Permission `protobuf:"bytes,2,rep,name=permissions,proto3" json:"permissions,omitempty"`
	// List of other roles to include in this role, includes all the permissions
	// that the included role contains. The referenced role should be defined already.
	//
	// An include grants every permission of the included role, so the
	// effective permission set of a role is only known after following its
	// includes.
	Includes []string `protobuf:"bytes,3,rep,name=includes,proto3" json:"includes,omitempty"`
	// contains filtered or unexported fields
}
Defines a role that includes given permissions and other roles. The role should not have been defined before. To include this role into another role, you can specify this role by name.
func (*PermissionsConfig_Role) Descriptor
deprecated
func (*PermissionsConfig_Role) Descriptor() ([]byte, []int)
Deprecated: Use PermissionsConfig_Role.ProtoReflect.Descriptor instead.
func (*PermissionsConfig_Role) GetIncludes ¶
func (x *PermissionsConfig_Role) GetIncludes() []string
func (*PermissionsConfig_Role) GetName ¶
func (x *PermissionsConfig_Role) GetName() string
func (*PermissionsConfig_Role) GetPermissions ¶
func (x *PermissionsConfig_Role) GetPermissions() []*protocol.Permission
func (*PermissionsConfig_Role) ProtoMessage ¶
func (*PermissionsConfig_Role) ProtoMessage()
func (*PermissionsConfig_Role) ProtoReflect ¶
func (x *PermissionsConfig_Role) ProtoReflect() protoreflect.Message
func (*PermissionsConfig_Role) Reset ¶
func (x *PermissionsConfig_Role) Reset()
func (*PermissionsConfig_Role) String ¶
func (x *PermissionsConfig_Role) String() string
type SettingsCfg ¶
// SettingsCfg is the Auth service configuration that applies specifically to
// the service itself, not to any linked services. It is provided via the
// 'settings.cfg' config file.
type SettingsCfg struct {
	// Enable ts_mon based monitoring.
	EnableTsMonitoring bool `protobuf:"varint,1,opt,name=enable_ts_monitoring,json=enableTsMonitoring,proto3" json:"enable_ts_monitoring,omitempty"`
	// If set, store the latest AuthDB snapshot in Google Storage.
	//
	// Should have format "<bucket>/<prefix>".
	//
	// Auth service will take ownership of two objects there:
	//  1. latest.json: JSON-serialized AuthDBRevision proto.
	//  2. latest.db: binary-serialized SignedAuthDB with actual AuthDB data.
	//
	// When AuthDB changes, Auth service updates latest.db, then latest.json, and
	// finally sends a PubSub notification.
	//
	// Consumers can either poll latest.json for changes, or they can set up
	// a PubSub subscription via /auth_service/api/v1/authdb/subscription/ to get
	// notified.
	//
	// Requires at least one AuthDB change (e.g. a group update) for the files
	// to appear after setting or changing auth_db_gs_path.
	//
	// When changing or removing auth_db_gs_path, files at the old location are
	// not automatically cleaned up.
	//
	// NOTE(review): the latest.db left behind at an old location still holds
	// AuthDB data and stops being updated, so remove it by hand after a path
	// change. Who may read the bucket is not described here; confirm that
	// access is limited to the intended consumers.
	AuthDbGsPath string `protobuf:"bytes,2,opt,name=auth_db_gs_path,json=authDbGsPath,proto3" json:"auth_db_gs_path,omitempty"`
	// contains filtered or unexported fields
}
Auth service configuration that applies specifically to the service, not to any linked services.
Provided via 'settings.cfg' config file.
func (*SettingsCfg) Descriptor
deprecated
func (*SettingsCfg) Descriptor() ([]byte, []int)
Deprecated: Use SettingsCfg.ProtoReflect.Descriptor instead.
func (*SettingsCfg) GetAuthDbGsPath ¶
func (x *SettingsCfg) GetAuthDbGsPath() string
func (*SettingsCfg) GetEnableTsMonitoring ¶
func (x *SettingsCfg) GetEnableTsMonitoring() bool
func (*SettingsCfg) ProtoMessage ¶
func (*SettingsCfg) ProtoMessage()
func (*SettingsCfg) ProtoReflect ¶
func (x *SettingsCfg) ProtoReflect() protoreflect.Message
func (*SettingsCfg) Reset ¶
func (x *SettingsCfg) Reset()
func (*SettingsCfg) String ¶
func (x *SettingsCfg) String() string