blob: c44c7d9ff65e53204b2d2286312ba214f9c45dea [file] [log] [blame]
// Copyright (c) 2016 The LUCI Authors. All rights reserved.
// Use of this source code is governed under the Apache License, Version 2.0
// that can be found in the LICENSE file.
syntax = "proto3";
package milo;
option go_package = "";
// Settings represents the format for the global (service) config for Milo.
message Settings {
reserved 1; // buildbot
message Buildbucket {
// name is the user friendly name of the Buildbucket instance we're pointing to.
string name = 1;
// host is the hostname of the buildbucket instance we're pointing to (sans scheme).
string host = 2;
// project is the name of the Google Cloud project that the pubsub topic
// belongs to.
// Deprecated: this is no longer used. The buildbucket subscription should
// be configured via GCP console.
// TODO(crbug/1255983): set up subscription configuration via terraform.
string project = 3;
Buildbucket buildbucket = 2;
message Swarming {
// default_host is the hostname of the swarming host Milo defaults to, if
// none is specified. Default host is implicitly an allowed host.
string default_host = 1;
// allowed_hosts is a list of hostnames of swarming instances that Milo is
// allowed to talk to. This is specified here for security reasons,
// because Milo will hand out its oauth2 token to a swarming host.
repeated string allowed_hosts = 2;
Swarming swarming = 3;
// SourceAcls grants read access on a set of Git/Gerrit hosts or projects.
message SourceAcls {
// host grants read access on all project at this host.
// For more granularity, use the project field instead.
// For * domains, host should not be a Gerrit host,
// i.e. it shouldn't be <subdomain>
repeated string hosts = 1;
// project is a URL to a Git repository.
// Read access is granted on both git data and Gerrit CLs of this project.
// For * Git repositories:
// URL Path should not start with '/a/' (forced authentication).
// URL Path should not end with '.git' (redundant).
repeated string projects = 2;
// readers are allowed to read git/gerrit data from targets.
// Three types of identity strings are supported:
// * Emails. For example: ""
// * Chrome-infra-auth Groups. For example: "group:committers"
// * Auth service identities. For example: "kind:name"
// Required.
repeated string readers = 3;
// source_acls instructs Milo to provide Git/Gerrit data
// (e.g., blamelist) to some of its users on entire subdomains or individual
// repositories (Gerrit "projects").
// Multiple records are allowed, but each host and project must appear only in
// one record.
repeated SourceAcls source_acls = 4;
message ResultDB {
// host is the hostname of the ResultDB instance we're pointing to (sans scheme).
string host = 1;
ResultDB resultdb = 5;