iamv1

package
v0.47.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 25, 2022 License: MIT Imports: 9 Imported by: 5

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// Predefined roles for the service.
	//
	// optional einride.iam.v1.PredefinedRoles predefined_roles = 201601;
	E_PredefinedRoles = &file_einride_iam_v1_annotations_proto_extTypes[0]
	// Long-running operations authorization for the service.
	//
	// optional einride.iam.v1.LongRunningOperationsAuthorizationOptions long_running_operations_authorization = 201602;
	E_LongRunningOperationsAuthorization = &file_einride_iam_v1_annotations_proto_extTypes[1]
)

Extension fields to descriptorpb.ServiceOptions.

View Source
var (
	// Method authorization options.
	//
	// optional einride.iam.v1.MethodAuthorizationOptions method_authorization = 201600;
	E_MethodAuthorization = &file_einride_iam_v1_annotations_proto_extTypes[2]
)

Extension fields to descriptorpb.MethodOptions.

View Source
var File_einride_iam_v1_annotations_proto protoreflect.FileDescriptor
View Source
var File_einride_iam_v1_caller_proto protoreflect.FileDescriptor
View Source
var File_einride_iam_v1_identity_token_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Caller

type Caller struct {

	// The caller's resolved IAM members.
	Members []string `protobuf:"bytes,1,rep,name=members,proto3" json:"members,omitempty"`
	// Caller identity from gRPC metadata key/value pairs.
	Metadata map[string]*Caller_Metadata `` /* 157-byte string literal not displayed */
	// Caller context.
	// TODO: Remove this when cel-go supports async functions with context threading.
	Context *Caller_Context `protobuf:"bytes,3,opt,name=context,proto3" json:"context,omitempty"`
	// contains filtered or unexported fields
}

Caller identity.

func (*Caller) Descriptor deprecated

func (*Caller) Descriptor() ([]byte, []int)

Deprecated: Use Caller.ProtoReflect.Descriptor instead.

func (*Caller) GetContext added in v0.37.0

func (x *Caller) GetContext() *Caller_Context

func (*Caller) GetMembers added in v0.15.0

func (x *Caller) GetMembers() []string

func (*Caller) GetMetadata added in v0.36.0

func (x *Caller) GetMetadata() map[string]*Caller_Metadata

func (*Caller) ProtoMessage

func (*Caller) ProtoMessage()

func (*Caller) ProtoReflect

func (x *Caller) ProtoReflect() protoreflect.Message

func (*Caller) Reset

func (x *Caller) Reset()

func (*Caller) String

func (x *Caller) String() string

type Caller_Context added in v0.37.0

type Caller_Context struct {

	// Deadline for the caller's request.
	Deadline *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=deadline,proto3" json:"deadline,omitempty"`
	// Trace context for the caller's request.
	Trace string `protobuf:"bytes,2,opt,name=trace,proto3" json:"trace,omitempty"`
	// contains filtered or unexported fields
}

Caller context for downstream network calls. TODO: Remove this when cel-go supports async functions with context threading.

func (*Caller_Context) Descriptor deprecated added in v0.37.0

func (*Caller_Context) Descriptor() ([]byte, []int)

Deprecated: Use Caller_Context.ProtoReflect.Descriptor instead.

func (*Caller_Context) GetDeadline added in v0.37.0

func (x *Caller_Context) GetDeadline() *timestamppb.Timestamp

func (*Caller_Context) GetTrace added in v0.37.0

func (x *Caller_Context) GetTrace() string

func (*Caller_Context) ProtoMessage added in v0.37.0

func (*Caller_Context) ProtoMessage()

func (*Caller_Context) ProtoReflect added in v0.37.0

func (x *Caller_Context) ProtoReflect() protoreflect.Message

func (*Caller_Context) Reset added in v0.37.0

func (x *Caller_Context) Reset()

func (*Caller_Context) String added in v0.37.0

func (x *Caller_Context) String() string

type Caller_Metadata added in v0.36.0

type Caller_Metadata struct {

	// The IAM members from the metadata value.
	Members []string `protobuf:"bytes,1,rep,name=members,proto3" json:"members,omitempty"`
	// The identity token from the metadata value.
	IdentityToken *IdentityToken `protobuf:"bytes,2,opt,name=identity_token,json=identityToken,proto3" json:"identity_token,omitempty"`
	// contains filtered or unexported fields
}

Caller identity for a gRPC metadata key/value pair.

func (*Caller_Metadata) Descriptor deprecated added in v0.36.0

func (*Caller_Metadata) Descriptor() ([]byte, []int)

Deprecated: Use Caller_Metadata.ProtoReflect.Descriptor instead.

func (*Caller_Metadata) GetIdentityToken added in v0.36.0

func (x *Caller_Metadata) GetIdentityToken() *IdentityToken

func (*Caller_Metadata) GetMembers added in v0.36.0

func (x *Caller_Metadata) GetMembers() []string

func (*Caller_Metadata) ProtoMessage added in v0.36.0

func (*Caller_Metadata) ProtoMessage()

func (*Caller_Metadata) ProtoReflect added in v0.36.0

func (x *Caller_Metadata) ProtoReflect() protoreflect.Message

func (*Caller_Metadata) Reset added in v0.36.0

func (x *Caller_Metadata) Reset()

func (*Caller_Metadata) String added in v0.36.0

func (x *Caller_Metadata) String() string

type IdentityToken added in v0.36.0

type IdentityToken struct {

	// The raw token value.
	Raw string `protobuf:"bytes,1,opt,name=raw,proto3" json:"raw,omitempty"`
	// The "iss" claim identifies the principal that issued the JWT.
	// The processing of this claim is generally application specific.
	// The "iss" value is a case-sensitive string containing a string or URI value.
	Iss string `protobuf:"bytes,2,opt,name=iss,proto3" json:"iss,omitempty"`
	// The "sub" claim identifies the principal that is the
	// subject of the JWT.  The claims in a JWT are normally statements
	// about the subject.  The subject value MUST either be scoped to be
	// locally unique in the context of the issuer or be globally unique.
	// The processing of this claim is generally application specific.
	// The "sub" value is a case-sensitive string containing a string or URI value.
	Sub string `protobuf:"bytes,3,opt,name=sub,proto3" json:"sub,omitempty"`
	// The "aud" claim identifies the recipients that the JWT is intended for.
	// Each principal intended to process the JWT MUST identify itself with a value in the audience claim.
	// If the principal processing the claim does not identify itself with a value in the
	// "aud" claim when this claim is present, then the JWT MUST be rejected.
	// In the general case, the "aud" value is an array of case-sensitive strings, each containing a
	// string or URI value.
	// In the special case when the JWT has one audience, the "aud" value MAY be a
	// single case-sensitive string containing a string or URI value.
	// The interpretation of audience values is generally application specific.
	Aud string `protobuf:"bytes,4,opt,name=aud,proto3" json:"aud,omitempty"`
	// The "exp" claim identifies the expiration time on or after
	// which the JWT MUST NOT be accepted for processing.
	// The processing of the "exp" claim requires that the current date/time
	// MUST be before the expiration date/time listed in the "exp" claim.
	Exp int64 `protobuf:"varint,5,opt,name=exp,proto3" json:"exp,omitempty"`
	// The "nbf" (not before) claim identifies the time before which the JWT
	// MUST NOT be accepted for processing. The processing of the "nbf"
	// claim requires that the current date/time MUST be after or equal to
	// the not-before date/time listed in the "nbf" claim. Implementers MAY
	// provide for some small leeway, usually no more than a few minutes, to
	// account for clock skew. Its value MUST be a number containing a
	// numeric date value.
	Nbf int64 `protobuf:"varint,6,opt,name=nbf,proto3" json:"nbf,omitempty"`
	// The "iat" claim identifies the time at which the JWT was
	// issued.  This claim can be used to determine the age of the JWT.
	// Its value MUST be a number containing a numeric date value.
	Iat int64 `protobuf:"varint,7,opt,name=iat,proto3" json:"iat,omitempty"`
	// contains filtered or unexported fields
}

A JWT identity token.

func (*IdentityToken) Descriptor deprecated added in v0.36.0

func (*IdentityToken) Descriptor() ([]byte, []int)

Deprecated: Use IdentityToken.ProtoReflect.Descriptor instead.

func (*IdentityToken) GetAud added in v0.36.0

func (x *IdentityToken) GetAud() string

func (*IdentityToken) GetExp added in v0.36.0

func (x *IdentityToken) GetExp() int64

func (*IdentityToken) GetIat added in v0.36.0

func (x *IdentityToken) GetIat() int64

func (*IdentityToken) GetIss added in v0.36.0

func (x *IdentityToken) GetIss() string

func (*IdentityToken) GetNbf added in v0.36.0

func (x *IdentityToken) GetNbf() int64

func (*IdentityToken) GetRaw added in v0.36.0

func (x *IdentityToken) GetRaw() string

func (*IdentityToken) GetSub added in v0.36.0

func (x *IdentityToken) GetSub() string

func (*IdentityToken) ProtoMessage added in v0.36.0

func (*IdentityToken) ProtoMessage()

func (*IdentityToken) ProtoReflect added in v0.36.0

func (x *IdentityToken) ProtoReflect() protoreflect.Message

func (*IdentityToken) Reset added in v0.36.0

func (x *IdentityToken) Reset()

func (*IdentityToken) String added in v0.36.0

func (x *IdentityToken) String() string

type LongRunningOperationPermissions added in v0.18.0

type LongRunningOperationPermissions struct {

	// The long-running operation resource. The type field is mandatory.
	Operation *annotations.ResourceDescriptor `protobuf:"bytes,1,opt,name=operation,proto3" json:"operation,omitempty"`
	// Permission for listing operations.
	List string `protobuf:"bytes,2,opt,name=list,proto3" json:"list,omitempty"`
	// Permission for getting an operation.
	Get string `protobuf:"bytes,3,opt,name=get,proto3" json:"get,omitempty"`
	// Permission for cancelling an operation.
	Cancel string `protobuf:"bytes,4,opt,name=cancel,proto3" json:"cancel,omitempty"`
	// Permission for deleting an operation.
	Delete string `protobuf:"bytes,5,opt,name=delete,proto3" json:"delete,omitempty"`
	// Permission for waiting on an operation.
	Wait string `protobuf:"bytes,6,opt,name=wait,proto3" json:"wait,omitempty"`
	// contains filtered or unexported fields
}

Permissions for a long-running operation.

func (*LongRunningOperationPermissions) Descriptor deprecated added in v0.18.0

func (*LongRunningOperationPermissions) Descriptor() ([]byte, []int)

Deprecated: Use LongRunningOperationPermissions.ProtoReflect.Descriptor instead.

func (*LongRunningOperationPermissions) GetCancel added in v0.18.0

func (x *LongRunningOperationPermissions) GetCancel() string

func (*LongRunningOperationPermissions) GetDelete added in v0.18.0

func (x *LongRunningOperationPermissions) GetDelete() string

func (*LongRunningOperationPermissions) GetGet added in v0.18.0

func (*LongRunningOperationPermissions) GetList added in v0.18.0

func (*LongRunningOperationPermissions) GetOperation added in v0.18.0

func (*LongRunningOperationPermissions) GetWait added in v0.18.0

func (*LongRunningOperationPermissions) ProtoMessage added in v0.18.0

func (*LongRunningOperationPermissions) ProtoMessage()

func (*LongRunningOperationPermissions) ProtoReflect added in v0.18.0

func (*LongRunningOperationPermissions) Reset added in v0.18.0

func (*LongRunningOperationPermissions) String added in v0.18.0

type LongRunningOperationsAuthorizationOptions added in v0.33.0

type LongRunningOperationsAuthorizationOptions struct {

	// The long-running operation permissions.
	OperationPermissions []*LongRunningOperationPermissions `protobuf:"bytes,1,rep,name=operation_permissions,json=operationPermissions,proto3" json:"operation_permissions,omitempty"`
	// Strategy that decides if the request is authorized.
	//
	// Types that are assignable to Strategy:
	//
	//	*LongRunningOperationsAuthorizationOptions_Before
	//	*LongRunningOperationsAuthorizationOptions_Custom
	//	*LongRunningOperationsAuthorizationOptions_None
	Strategy isLongRunningOperationsAuthorizationOptions_Strategy `protobuf_oneof:"strategy"`
	// contains filtered or unexported fields
}

Long-running operations permissions.

func (*LongRunningOperationsAuthorizationOptions) Descriptor deprecated added in v0.33.0

func (*LongRunningOperationsAuthorizationOptions) Descriptor() ([]byte, []int)

Deprecated: Use LongRunningOperationsAuthorizationOptions.ProtoReflect.Descriptor instead.

func (*LongRunningOperationsAuthorizationOptions) GetBefore added in v0.33.0

func (*LongRunningOperationsAuthorizationOptions) GetCustom added in v0.33.0

func (*LongRunningOperationsAuthorizationOptions) GetNone added in v0.33.0

func (*LongRunningOperationsAuthorizationOptions) GetOperationPermissions added in v0.33.0

func (*LongRunningOperationsAuthorizationOptions) GetStrategy added in v0.33.0

func (m *LongRunningOperationsAuthorizationOptions) GetStrategy() isLongRunningOperationsAuthorizationOptions_Strategy

func (*LongRunningOperationsAuthorizationOptions) ProtoMessage added in v0.33.0

func (*LongRunningOperationsAuthorizationOptions) ProtoReflect added in v0.33.0

func (*LongRunningOperationsAuthorizationOptions) Reset added in v0.33.0

func (*LongRunningOperationsAuthorizationOptions) String added in v0.33.0

type LongRunningOperationsAuthorizationOptions_Before added in v0.33.0

type LongRunningOperationsAuthorizationOptions_Before struct {
	// A flag indicating if a standard authorization checked is performed before the request.
	Before bool `protobuf:"varint,3,opt,name=before,proto3,oneof"`
}

type LongRunningOperationsAuthorizationOptions_Custom added in v0.33.0

type LongRunningOperationsAuthorizationOptions_Custom struct {
	// A flag indicating if custom-implemented authorization is needed.
	Custom bool `protobuf:"varint,4,opt,name=custom,proto3,oneof"`
}

type LongRunningOperationsAuthorizationOptions_None added in v0.33.0

type LongRunningOperationsAuthorizationOptions_None struct {
	// A flag indicating if no authorization is needed.
	None bool `protobuf:"varint,5,opt,name=none,proto3,oneof"`
}

type MethodAuthorizationOptions added in v0.14.0

type MethodAuthorizationOptions struct {

	// Permission to use for authorization.
	//
	// Types that are assignable to Permissions:
	//
	//	*MethodAuthorizationOptions_Permission
	//	*MethodAuthorizationOptions_ResourcePermissions
	Permissions isMethodAuthorizationOptions_Permissions `protobuf_oneof:"permissions"`
	// Strategy that decides if the request is authorized.
	//
	// Types that are assignable to Strategy:
	//
	//	*MethodAuthorizationOptions_Before
	//	*MethodAuthorizationOptions_After
	//	*MethodAuthorizationOptions_Custom
	//	*MethodAuthorizationOptions_None
	Strategy isMethodAuthorizationOptions_Strategy `protobuf_oneof:"strategy"`
	// contains filtered or unexported fields
}

Method authorization options.

func (*MethodAuthorizationOptions) Descriptor deprecated added in v0.14.0

func (*MethodAuthorizationOptions) Descriptor() ([]byte, []int)

Deprecated: Use MethodAuthorizationOptions.ProtoReflect.Descriptor instead.

func (*MethodAuthorizationOptions) GetAfter added in v0.14.0

func (x *MethodAuthorizationOptions) GetAfter() *expr.Expr

func (*MethodAuthorizationOptions) GetBefore added in v0.14.0

func (x *MethodAuthorizationOptions) GetBefore() *expr.Expr

func (*MethodAuthorizationOptions) GetCustom added in v0.14.0

func (x *MethodAuthorizationOptions) GetCustom() bool

func (*MethodAuthorizationOptions) GetNone added in v0.17.0

func (x *MethodAuthorizationOptions) GetNone() bool

func (*MethodAuthorizationOptions) GetPermission added in v0.14.0

func (x *MethodAuthorizationOptions) GetPermission() string

func (*MethodAuthorizationOptions) GetPermissions added in v0.14.0

func (m *MethodAuthorizationOptions) GetPermissions() isMethodAuthorizationOptions_Permissions

func (*MethodAuthorizationOptions) GetResourcePermissions added in v0.14.0

func (x *MethodAuthorizationOptions) GetResourcePermissions() *ResourcePermissions

func (*MethodAuthorizationOptions) GetStrategy added in v0.14.0

func (m *MethodAuthorizationOptions) GetStrategy() isMethodAuthorizationOptions_Strategy

func (*MethodAuthorizationOptions) ProtoMessage added in v0.14.0

func (*MethodAuthorizationOptions) ProtoMessage()

func (*MethodAuthorizationOptions) ProtoReflect added in v0.14.0

func (*MethodAuthorizationOptions) Reset added in v0.14.0

func (x *MethodAuthorizationOptions) Reset()

func (*MethodAuthorizationOptions) String added in v0.14.0

func (x *MethodAuthorizationOptions) String() string

type MethodAuthorizationOptions_After added in v0.14.0

type MethodAuthorizationOptions_After struct {
	// Expression that decides after the request if the caller is authorized.
	After *expr.Expr `protobuf:"bytes,4,opt,name=after,proto3,oneof"`
}

type MethodAuthorizationOptions_Before added in v0.14.0

type MethodAuthorizationOptions_Before struct {
	// Expression that decides before the request if the caller is authorized.
	Before *expr.Expr `protobuf:"bytes,3,opt,name=before,proto3,oneof"`
}

type MethodAuthorizationOptions_Custom added in v0.14.0

type MethodAuthorizationOptions_Custom struct {
	// A flag indicating if the method requires custom-implemented authorization.
	Custom bool `protobuf:"varint,5,opt,name=custom,proto3,oneof"`
}

type MethodAuthorizationOptions_None added in v0.17.0

type MethodAuthorizationOptions_None struct {
	// A flag indicating if the method requires no authorization.
	None bool `protobuf:"varint,6,opt,name=none,proto3,oneof"`
}

type MethodAuthorizationOptions_Permission added in v0.14.0

type MethodAuthorizationOptions_Permission struct {
	// A single permission used by the method.
	Permission string `protobuf:"bytes,1,opt,name=permission,proto3,oneof"`
}

type MethodAuthorizationOptions_ResourcePermissions added in v0.14.0

type MethodAuthorizationOptions_ResourcePermissions struct {
	// Resource permissions used by the method.
	ResourcePermissions *ResourcePermissions `protobuf:"bytes,2,opt,name=resource_permissions,json=resourcePermissions,proto3,oneof"`
}

type PredefinedRoles added in v0.30.0

type PredefinedRoles struct {

	// The predefined roles.
	Role []*v1.Role `protobuf:"bytes,1,rep,name=role,proto3" json:"role,omitempty"`
	// contains filtered or unexported fields
}

A list of predefined roles.

func (*PredefinedRoles) Descriptor deprecated added in v0.30.0

func (*PredefinedRoles) Descriptor() ([]byte, []int)

Deprecated: Use PredefinedRoles.ProtoReflect.Descriptor instead.

func (*PredefinedRoles) GetRole added in v0.30.0

func (x *PredefinedRoles) GetRole() []*v1.Role

func (*PredefinedRoles) ProtoMessage added in v0.30.0

func (*PredefinedRoles) ProtoMessage()

func (*PredefinedRoles) ProtoReflect added in v0.30.0

func (x *PredefinedRoles) ProtoReflect() protoreflect.Message

func (*PredefinedRoles) Reset added in v0.30.0

func (x *PredefinedRoles) Reset()

func (*PredefinedRoles) String added in v0.30.0

func (x *PredefinedRoles) String() string

type ResourcePermission added in v0.12.0

type ResourcePermission struct {

	// The resource.
	// When used for authorization method options, only the type must be provided.
	Resource *annotations.ResourceDescriptor `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"`
	// The permission.
	Permission string `protobuf:"bytes,2,opt,name=permission,proto3" json:"permission,omitempty"`
	// contains filtered or unexported fields
}

A resource type and a permission.

func (*ResourcePermission) Descriptor deprecated added in v0.12.0

func (*ResourcePermission) Descriptor() ([]byte, []int)

Deprecated: Use ResourcePermission.ProtoReflect.Descriptor instead.

func (*ResourcePermission) GetPermission added in v0.12.0

func (x *ResourcePermission) GetPermission() string

func (*ResourcePermission) GetResource added in v0.14.0

func (*ResourcePermission) ProtoMessage added in v0.12.0

func (*ResourcePermission) ProtoMessage()

func (*ResourcePermission) ProtoReflect added in v0.12.0

func (x *ResourcePermission) ProtoReflect() protoreflect.Message

func (*ResourcePermission) Reset added in v0.12.0

func (x *ResourcePermission) Reset()

func (*ResourcePermission) String added in v0.12.0

func (x *ResourcePermission) String() string

type ResourcePermissions added in v0.12.0

type ResourcePermissions struct {

	// The resource permissions.
	ResourcePermission []*ResourcePermission `protobuf:"bytes,1,rep,name=resource_permission,json=resourcePermission,proto3" json:"resource_permission,omitempty"`
	// contains filtered or unexported fields
}

Resource permissions.

func (*ResourcePermissions) Descriptor deprecated added in v0.12.0

func (*ResourcePermissions) Descriptor() ([]byte, []int)

Deprecated: Use ResourcePermissions.ProtoReflect.Descriptor instead.

func (*ResourcePermissions) GetResourcePermission added in v0.14.0

func (x *ResourcePermissions) GetResourcePermission() []*ResourcePermission

func (*ResourcePermissions) ProtoMessage added in v0.12.0

func (*ResourcePermissions) ProtoMessage()

func (*ResourcePermissions) ProtoReflect added in v0.12.0

func (x *ResourcePermissions) ProtoReflect() protoreflect.Message

func (*ResourcePermissions) Reset added in v0.12.0

func (x *ResourcePermissions) Reset()

func (*ResourcePermissions) String added in v0.12.0

func (x *ResourcePermissions) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL