| // Copyright (c) 2016 The LUCI Authors. All rights reserved. |
| // Use of this source code is governed under the Apache License, Version 2.0 |
| // that can be found in the LICENSE file. |
| |
| syntax = "proto3"; |
| |
| package milo; |
| |
| option go_package = "go.chromium.org/luci/milo/api/config"; |
| |
| // Settings represents the format for the global (service) config for Milo. |
| message Settings { |
| reserved 1; // buildbot |
| |
| message Buildbucket { |
| // name is the user friendly name of the Buildbucket instance we're pointing to. |
| string name = 1; |
| |
| // host is the hostname of the buildbucket instance we're pointing to (sans scheme). |
| string host = 2; |
| |
| // project is the name of the Google Cloud project that the pubsub topic |
| // belongs to. |
| // |
| // Deprecated: this is no longer used. The buildbucket subscription should |
| // be configured via GCP console. |
| // TODO(crbug/1255983): set up subscription configuration via terraform. |
| string project = 3; |
| } |
| Buildbucket buildbucket = 2; |
| |
| message Swarming { |
| // default_host is the hostname of the swarming host Milo defaults to, if |
| // none is specified. Default host is implicitly an allowed host. |
| string default_host = 1; |
| |
| // allowed_hosts is a list of hostnames of swarming instances that Milo is |
| // allowed to talk to. This is specified here for security reasons, |
| // because Milo will hand out its oauth2 token to a swarming host. |
| repeated string allowed_hosts = 2; |
| } |
| Swarming swarming = 3; |
| |
| // SourceAcls grants read access on a set of Git/Gerrit hosts or projects. |
| message SourceAcls { |
| |
| // host grants read access on all project at this host. |
| // |
| // For more granularity, use the project field instead. |
| // |
| // For *.googlesource.com domains, host should not be a Gerrit host, |
| // i.e. it shouldn't be <subdomain>-review.googlesource.com. |
| repeated string hosts = 1; |
| |
| // project is a URL to a Git repository. |
| // |
| // Read access is granted on both git data and Gerrit CLs of this project. |
| // |
| // For *.googlesource.com Git repositories: |
| // URL Path should not start with '/a/' (forced authentication). |
| // URL Path should not end with '.git' (redundant). |
| repeated string projects = 2; |
| |
| // readers are allowed to read git/gerrit data from targets. |
| // |
| // Three types of identity strings are supported: |
| // * Emails. For example: "someuser@example.com" |
| // * Chrome-infra-auth Groups. For example: "group:committers" |
| // * Auth service identities. For example: "kind:name" |
| // |
| // Required. |
| repeated string readers = 3; |
| } |
| |
| // source_acls instructs Milo to provide Git/Gerrit data |
| // (e.g., blamelist) to some of its users on entire subdomains or individual |
| // repositories (Gerrit "projects"). |
| // |
| // Multiple records are allowed, but each host and project must appear only in |
| // one record. |
| // |
| // See go/milo-git-acls for design rationales. |
| repeated SourceAcls source_acls = 4; |
| |
| message ResultDB { |
| // host is the hostname of the ResultDB instance we're pointing to (sans scheme). |
| string host = 1; |
| } |
| ResultDB resultdb = 5; |
| |
| message Weetbix { |
| // host is the hostname of the Weetbix instance we're pointing to (sans scheme). |
| string host = 1; |
| } |
| Weetbix weetbix = 6; |
| } |