| // Copyright 2020 The LUCI Authors. All rights reserved. |
| // Use of this source code is governed under the Apache License, Version 2.0 |
| // that can be found in the LICENSE file. |
| |
| // Schema for realms.cfg project configuration file. |
| // |
| // RealmsCfg describes configuration of all realms of some single LUCI project. |
| |
| // Code generated by protoc-gen-go. DO NOT EDIT. |
| // versions: |
| // protoc-gen-go v1.31.0 |
| // protoc v3.21.7 |
| // source: go.chromium.org/luci/common/proto/realms/realms_config.proto |
| |
| package realms |
| |
| import ( |
| _ "go.chromium.org/luci/common/proto" |
| protoreflect "google.golang.org/protobuf/reflect/protoreflect" |
| protoimpl "google.golang.org/protobuf/runtime/protoimpl" |
| reflect "reflect" |
| sync "sync" |
| ) |
| |
| const ( |
| // Verify that this generated code is sufficiently up-to-date. |
| _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) |
| // Verify that runtime/protoimpl is sufficiently up-to-date. |
| _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) |
| ) |
| |
| // RealmsCfg defines a schema for realms.cfg project configuration file. |
| type RealmsCfg struct { |
| state protoimpl.MessageState |
| sizeCache protoimpl.SizeCache |
| unknownFields protoimpl.UnknownFields |
| |
| // List of all realms in the project in arbitrary order. |
| Realms []*Realm `protobuf:"bytes,1,rep,name=realms,proto3" json:"realms,omitempty"` |
| // Optional list of custom roles that can be referenced from Bindings in this |
| // project. |
| CustomRoles []*CustomRole `protobuf:"bytes,2,rep,name=custom_roles,json=customRoles,proto3" json:"custom_roles,omitempty"` |
| } |
| |
| func (x *RealmsCfg) Reset() { |
| *x = RealmsCfg{} |
| if protoimpl.UnsafeEnabled { |
| mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[0] |
| ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) |
| ms.StoreMessageInfo(mi) |
| } |
| } |
| |
| func (x *RealmsCfg) String() string { |
| return protoimpl.X.MessageStringOf(x) |
| } |
| |
| func (*RealmsCfg) ProtoMessage() {} |
| |
| func (x *RealmsCfg) ProtoReflect() protoreflect.Message { |
| mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[0] |
| if protoimpl.UnsafeEnabled && x != nil { |
| ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) |
| if ms.LoadMessageInfo() == nil { |
| ms.StoreMessageInfo(mi) |
| } |
| return ms |
| } |
| return mi.MessageOf(x) |
| } |
| |
| // Deprecated: Use RealmsCfg.ProtoReflect.Descriptor instead. |
| func (*RealmsCfg) Descriptor() ([]byte, []int) { |
| return file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescGZIP(), []int{0} |
| } |
| |
| func (x *RealmsCfg) GetRealms() []*Realm { |
| if x != nil { |
| return x.Realms |
| } |
| return nil |
| } |
| |
| func (x *RealmsCfg) GetCustomRoles() []*CustomRole { |
| if x != nil { |
| return x.CustomRoles |
| } |
| return nil |
| } |
| |
| // Realm is a named container for (<principal>, <permission>) pairs. |
| // |
| // A LUCI resource can point to exactly one realm by referring to its full |
| // name ("<project>:<realm>"). We say that such resource "belongs to the realm" |
| // or "lives in the realm" or is just "in the realm". We also say that such |
| // resource belongs to the project "<project>". The corresponding Realm message |
| // then describes who can do what to the resource. |
| // |
| // The logic of how resources get assigned to realms is a part of the public API |
| // of the service that owns resources. Some services may use a static realm |
| // assignment via project configuration files, others may do it dynamically by |
| // accepting a realm when a resource is created via an RPC. |
| // |
| // A realm can "extend" one or more other realms. If a realm `A` extends `B`, |
| // then all permissions defined in `B` are also in `A`. Remembering that a realm |
| // is just a set of (<principal>, <permission>) pairs, the "extend" relation is |
| // just a set inclusion. |
| // |
| // The primary way of populating the permission set of a realm is via bindings. |
| // Each binding assigns a role to a set of principals. Since each role is |
| // essentially just a set of permissions, each binding adds to the realm a |
| // Cartesian product of a set of permissions (defined via the role) and a set of |
| // principals (defined via a direct listing or via groups). |
| // |
| // There are two special realms (both optional) that a project can have: "@root" |
| // and "@legacy". |
| // |
| // The root realm is implicitly included into all other realms (including |
| // "@legacy"), and it is also used as a fallback when a resource points to |
| // a realm that no longer exists. Without the root realm, such resources become |
| // effectively inaccessible and this may be undesirable. Permissions in the root |
| // realm apply to all realms in the project (current, past and future), and thus |
| // the root realm should contain only administrative-level bindings. If you are |
| // not sure whether you should use the root realm or not, err on the side of not |
| // using it. |
| // |
| // The legacy realm is used for existing resources created before the realms |
| // mechanism was introduced. Such resources usually are not associated with any |
| // realm at all. They are implicitly placed into the legacy realm to allow |
| // reusing realms' machinery for them. |
| // |
| // Note that the details of how resources are placed in the legacy realm are up |
| // to a particular service implementation. Some services may be able to figure |
| // out an appropriate realm for a legacy resource based on resource's existing |
| // attributes. Some services may not have legacy resources at all. The legacy |
| // realm is not used in these case. Refer to the service documentation. |
| // |
| // A realm can also carry some small amount of data (usually auth related) that |
| // LUCI services use when dealing with this realm. It should be something that |
| // all (or at least more than one) LUCI services use. Configuration specific to |
| // a single service should be in this service's project config instead. |
| type Realm struct { |
| state protoimpl.MessageState |
| sizeCache protoimpl.SizeCache |
| unknownFields protoimpl.UnknownFields |
| |
| // Name of the realm. |
| // |
| // Must match `^[a-z0-9_\.\-/]{1,400}$` or be literals "@root" or "@legacy". |
| // |
| // Realm names must be unique within a project. |
| Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` |
| // Optional list of realms whose permissions will be included in this realm. |
| // |
| // All realms implicitly extend "@root" realm (if it is defined), i.e. all |
| // permissions specified in the "@root" realm are propagated to all realms in |
| // the project. |
| // |
| // To keep the mental model simple, cycles aren't allowed (i.e. a realm is not |
| // allowed to directly or indirectly extend itself). The LUCI Config service |
| // will reject realms.cfg that contains cycles during the config validation |
| // phase. |
| Extends []string `protobuf:"bytes,2,rep,name=extends,proto3" json:"extends,omitempty"` |
| // List of bindings that define who can do what to resources in this realm. |
| Bindings []*Binding `protobuf:"bytes,3,rep,name=bindings,proto3" json:"bindings,omitempty"` |
| // A list of LUCI service IDs that should enforce this realm's permissions. |
| // |
| // Children realms inherit and extend this list. |
| // |
| // Used only during Realms migration to gradually roll out the enforcement |
| // realm by realm, service by service. |
| EnforceInService []string `protobuf:"bytes,4,rep,name=enforce_in_service,json=enforceInService,proto3" json:"enforce_in_service,omitempty"` |
| } |
| |
| func (x *Realm) Reset() { |
| *x = Realm{} |
| if protoimpl.UnsafeEnabled { |
| mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[1] |
| ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) |
| ms.StoreMessageInfo(mi) |
| } |
| } |
| |
| func (x *Realm) String() string { |
| return protoimpl.X.MessageStringOf(x) |
| } |
| |
| func (*Realm) ProtoMessage() {} |
| |
| func (x *Realm) ProtoReflect() protoreflect.Message { |
| mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[1] |
| if protoimpl.UnsafeEnabled && x != nil { |
| ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) |
| if ms.LoadMessageInfo() == nil { |
| ms.StoreMessageInfo(mi) |
| } |
| return ms |
| } |
| return mi.MessageOf(x) |
| } |
| |
| // Deprecated: Use Realm.ProtoReflect.Descriptor instead. |
| func (*Realm) Descriptor() ([]byte, []int) { |
| return file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescGZIP(), []int{1} |
| } |
| |
| func (x *Realm) GetName() string { |
| if x != nil { |
| return x.Name |
| } |
| return "" |
| } |
| |
| func (x *Realm) GetExtends() []string { |
| if x != nil { |
| return x.Extends |
| } |
| return nil |
| } |
| |
| func (x *Realm) GetBindings() []*Binding { |
| if x != nil { |
| return x.Bindings |
| } |
| return nil |
| } |
| |
| func (x *Realm) GetEnforceInService() []string { |
| if x != nil { |
| return x.EnforceInService |
| } |
| return nil |
| } |
| |
| // Binding assigns a role to all specified principals. |
| type Binding struct { |
| state protoimpl.MessageState |
| sizeCache protoimpl.SizeCache |
| unknownFields protoimpl.UnknownFields |
| |
| // Name of the role to assign. |
| // |
| // Can either be a predefined role (if starts with "role/") or a custom role |
| // (if starts with "customRole/"). See TODO for a list of predefined roles |
| // and their meanings. |
| // |
| // A custom role must be defined somewhere in this realms.cfg file. |
| Role string `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"` |
| // A set of principals to assign the role to. |
| // |
| // Each entry can either be an identity string (like "user:<email>") or a |
| // LUCI group reference "group:<name>". |
| Principals []string `protobuf:"bytes,2,rep,name=principals,proto3" json:"principals,omitempty"` |
| // A list of conditions ANDed together that define when the binding is active. |
| // |
| // If empty, the binding is active all the time. |
| Conditions []*Condition `protobuf:"bytes,3,rep,name=conditions,proto3" json:"conditions,omitempty"` |
| } |
| |
| func (x *Binding) Reset() { |
| *x = Binding{} |
| if protoimpl.UnsafeEnabled { |
| mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[2] |
| ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) |
| ms.StoreMessageInfo(mi) |
| } |
| } |
| |
| func (x *Binding) String() string { |
| return protoimpl.X.MessageStringOf(x) |
| } |
| |
| func (*Binding) ProtoMessage() {} |
| |
| func (x *Binding) ProtoReflect() protoreflect.Message { |
| mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[2] |
| if protoimpl.UnsafeEnabled && x != nil { |
| ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) |
| if ms.LoadMessageInfo() == nil { |
| ms.StoreMessageInfo(mi) |
| } |
| return ms |
| } |
| return mi.MessageOf(x) |
| } |
| |
| // Deprecated: Use Binding.ProtoReflect.Descriptor instead. |
| func (*Binding) Descriptor() ([]byte, []int) { |
| return file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescGZIP(), []int{2} |
| } |
| |
| func (x *Binding) GetRole() string { |
| if x != nil { |
| return x.Role |
| } |
| return "" |
| } |
| |
| func (x *Binding) GetPrincipals() []string { |
| if x != nil { |
| return x.Principals |
| } |
| return nil |
| } |
| |
| func (x *Binding) GetConditions() []*Condition { |
| if x != nil { |
| return x.Conditions |
| } |
| return nil |
| } |
| |
| // Condition defines a predicate that takes a set of `attribute = value` pairs |
| // with a context of a particular permission check and returns True if the |
| // binding guarded by this conditions should be respected. |
| // |
| // When a service checks a permission, it passes to the authorization library |
| // a string-valued dictionary of attributes that describes the context of the |
| // permission check. It contains things like the name of the resource being |
| // accessed, or parameters of the incoming RPC request that triggered |
| // the check. |
| // |
| // A list of available attributes and meaning of their values depends on |
| // the permission being checked and is documented in the corresponding service |
| // documentation. |
| type Condition struct { |
| state protoimpl.MessageState |
| sizeCache protoimpl.SizeCache |
| unknownFields protoimpl.UnknownFields |
| |
| // Types that are assignable to Op: |
| // |
| // *Condition_Restrict |
| Op isCondition_Op `protobuf_oneof:"op"` |
| } |
| |
| func (x *Condition) Reset() { |
| *x = Condition{} |
| if protoimpl.UnsafeEnabled { |
| mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[3] |
| ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) |
| ms.StoreMessageInfo(mi) |
| } |
| } |
| |
| func (x *Condition) String() string { |
| return protoimpl.X.MessageStringOf(x) |
| } |
| |
| func (*Condition) ProtoMessage() {} |
| |
| func (x *Condition) ProtoReflect() protoreflect.Message { |
| mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[3] |
| if protoimpl.UnsafeEnabled && x != nil { |
| ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) |
| if ms.LoadMessageInfo() == nil { |
| ms.StoreMessageInfo(mi) |
| } |
| return ms |
| } |
| return mi.MessageOf(x) |
| } |
| |
| // Deprecated: Use Condition.ProtoReflect.Descriptor instead. |
| func (*Condition) Descriptor() ([]byte, []int) { |
| return file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescGZIP(), []int{3} |
| } |
| |
| func (m *Condition) GetOp() isCondition_Op { |
| if m != nil { |
| return m.Op |
| } |
| return nil |
| } |
| |
| func (x *Condition) GetRestrict() *Condition_AttributeRestriction { |
| if x, ok := x.GetOp().(*Condition_Restrict); ok { |
| return x.Restrict |
| } |
| return nil |
| } |
| |
| type isCondition_Op interface { |
| isCondition_Op() |
| } |
| |
| type Condition_Restrict struct { |
| Restrict *Condition_AttributeRestriction `protobuf:"bytes,1,opt,name=restrict,proto3,oneof"` |
| } |
| |
| func (*Condition_Restrict) isCondition_Op() {} |
| |
| // Custom role defines a custom named set of permissions. |
| // |
| // Can be used in bindings if predefined roles are too broad or do not map well |
| // to the desired set of permissions. |
| // |
| // Custom roles are scoped to the project (i.e. different projects may have |
| // identically named, but semantically different custom roles). |
| type CustomRole struct { |
| state protoimpl.MessageState |
| sizeCache protoimpl.SizeCache |
| unknownFields protoimpl.UnknownFields |
| |
| // Name of this custom role, must start with "customRole/". |
| Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` |
| // Optional list of roles whose permissions will be included in this role. |
| // |
| // Each entry can either be a predefined role (if starts with "role/") or |
| // another custom role defined in this realms.cfg (if starts with |
| // "customRole/"). |
| // |
| // To keep the mental model simple, cycles aren't allowed (i.e. a custom role |
| // is not allowed to directly or indirectly extend itself). The LUCI Config |
| // service will reject realms.cfg that contains cycles during the config |
| // validation phase. |
| Extends []string `protobuf:"bytes,2,rep,name=extends,proto3" json:"extends,omitempty"` |
| // Optional list of permissions to include in the role. |
| // |
| // Each permission is a symbol that has form "<service>.<subject>.<verb>", |
| // which describes some elementary action ("<verb>") that can be done to some |
| // category of resources ("<subject>"), managed by some particular kind of |
| // LUCI service ("<service>"). |
| // |
| // Examples of permissions: |
| // - buildbucket.build.create |
| // - swarming.pool.listBots |
| // - swarming.task.cancel |
| // |
| // See TODO for a list of all possible permissions. |
| Permissions []string `protobuf:"bytes,3,rep,name=permissions,proto3" json:"permissions,omitempty"` |
| } |
| |
| func (x *CustomRole) Reset() { |
| *x = CustomRole{} |
| if protoimpl.UnsafeEnabled { |
| mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[4] |
| ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) |
| ms.StoreMessageInfo(mi) |
| } |
| } |
| |
| func (x *CustomRole) String() string { |
| return protoimpl.X.MessageStringOf(x) |
| } |
| |
| func (*CustomRole) ProtoMessage() {} |
| |
| func (x *CustomRole) ProtoReflect() protoreflect.Message { |
| mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[4] |
| if protoimpl.UnsafeEnabled && x != nil { |
| ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) |
| if ms.LoadMessageInfo() == nil { |
| ms.StoreMessageInfo(mi) |
| } |
| return ms |
| } |
| return mi.MessageOf(x) |
| } |
| |
| // Deprecated: Use CustomRole.ProtoReflect.Descriptor instead. |
| func (*CustomRole) Descriptor() ([]byte, []int) { |
| return file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescGZIP(), []int{4} |
| } |
| |
| func (x *CustomRole) GetName() string { |
| if x != nil { |
| return x.Name |
| } |
| return "" |
| } |
| |
| func (x *CustomRole) GetExtends() []string { |
| if x != nil { |
| return x.Extends |
| } |
| return nil |
| } |
| |
| func (x *CustomRole) GetPermissions() []string { |
| if x != nil { |
| return x.Permissions |
| } |
| return nil |
| } |
| |
| // AttributeRestriction checks that the attributes set (as a set of key-value |
| // pairs) contains a particular (attribute, value) pair. Checked values are |
| // given as a list. The check succeeds if ANY of (attribute, value) pairs are |
| // present: `any((attribute, value) in attrs for value in values)`. |
| type Condition_AttributeRestriction struct { |
| state protoimpl.MessageState |
| sizeCache protoimpl.SizeCache |
| unknownFields protoimpl.UnknownFields |
| |
| Attribute string `protobuf:"bytes,1,opt,name=attribute,proto3" json:"attribute,omitempty"` |
| Values []string `protobuf:"bytes,2,rep,name=values,proto3" json:"values,omitempty"` |
| } |
| |
| func (x *Condition_AttributeRestriction) Reset() { |
| *x = Condition_AttributeRestriction{} |
| if protoimpl.UnsafeEnabled { |
| mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[5] |
| ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) |
| ms.StoreMessageInfo(mi) |
| } |
| } |
| |
| func (x *Condition_AttributeRestriction) String() string { |
| return protoimpl.X.MessageStringOf(x) |
| } |
| |
| func (*Condition_AttributeRestriction) ProtoMessage() {} |
| |
| func (x *Condition_AttributeRestriction) ProtoReflect() protoreflect.Message { |
| mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[5] |
| if protoimpl.UnsafeEnabled && x != nil { |
| ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) |
| if ms.LoadMessageInfo() == nil { |
| ms.StoreMessageInfo(mi) |
| } |
| return ms |
| } |
| return mi.MessageOf(x) |
| } |
| |
| // Deprecated: Use Condition_AttributeRestriction.ProtoReflect.Descriptor instead. |
| func (*Condition_AttributeRestriction) Descriptor() ([]byte, []int) { |
| return file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescGZIP(), []int{3, 0} |
| } |
| |
| func (x *Condition_AttributeRestriction) GetAttribute() string { |
| if x != nil { |
| return x.Attribute |
| } |
| return "" |
| } |
| |
| func (x *Condition_AttributeRestriction) GetValues() []string { |
| if x != nil { |
| return x.Values |
| } |
| return nil |
| } |
| |
| var File_go_chromium_org_luci_common_proto_realms_realms_config_proto protoreflect.FileDescriptor |
| |
| var file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDesc = []byte{ |
| 0x0a, 0x3c, 0x67, 0x6f, 0x2e, 0x63, 0x68, 0x72, 0x6f, 0x6d, 0x69, 0x75, 0x6d, 0x2e, 0x6f, 0x72, |
| 0x67, 0x2f, 0x6c, 0x75, 0x63, 0x69, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, |
| 0x6f, 0x74, 0x6f, 0x2f, 0x72, 0x65, 0x61, 0x6c, 0x6d, 0x73, 0x2f, 0x72, 0x65, 0x61, 0x6c, 0x6d, |
| 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0c, |
| 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a, 0x2f, 0x67, 0x6f, |
| 0x2e, 0x63, 0x68, 0x72, 0x6f, 0x6d, 0x69, 0x75, 0x6d, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x6c, 0x75, |
| 0x63, 0x69, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, |
| 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x75, 0x0a, |
| 0x09, 0x52, 0x65, 0x61, 0x6c, 0x6d, 0x73, 0x43, 0x66, 0x67, 0x12, 0x2b, 0x0a, 0x06, 0x72, 0x65, |
| 0x61, 0x6c, 0x6d, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x61, 0x75, 0x74, |
| 0x68, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x61, 0x6c, 0x6d, 0x52, |
| 0x06, 0x72, 0x65, 0x61, 0x6c, 0x6d, 0x73, 0x12, 0x3b, 0x0a, 0x0c, 0x63, 0x75, 0x73, 0x74, 0x6f, |
| 0x6d, 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, |
| 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x75, 0x73, |
| 0x74, 0x6f, 0x6d, 0x52, 0x6f, 0x6c, 0x65, 0x52, 0x0b, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x52, |
| 0x6f, 0x6c, 0x65, 0x73, 0x22, 0x96, 0x01, 0x0a, 0x05, 0x52, 0x65, 0x61, 0x6c, 0x6d, 0x12, 0x12, |
| 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, |
| 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, |
| 0x03, 0x28, 0x09, 0x52, 0x07, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x73, 0x12, 0x31, 0x0a, 0x08, |
| 0x62, 0x69, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, |
| 0x2e, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x42, 0x69, |
| 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x08, 0x62, 0x69, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x73, 0x12, |
| 0x2c, 0x0a, 0x12, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x5f, 0x73, 0x65, |
| 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x65, 0x6e, 0x66, |
| 0x6f, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x22, 0x76, 0x0a, |
| 0x07, 0x42, 0x69, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x6f, 0x6c, 0x65, |
| 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x12, 0x1e, 0x0a, 0x0a, |
| 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, |
| 0x52, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x12, 0x37, 0x0a, 0x0a, |
| 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, |
| 0x32, 0x17, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, |
| 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x64, 0x69, |
| 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xab, 0x01, 0x0a, 0x09, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, |
| 0x69, 0x6f, 0x6e, 0x12, 0x4a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x74, 0x72, 0x69, 0x63, 0x74, 0x18, |
| 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, 0x65, 0x72, |
| 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x41, |
| 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x74, 0x72, 0x69, 0x63, 0x74, |
| 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x08, 0x72, 0x65, 0x73, 0x74, 0x72, 0x69, 0x63, 0x74, 0x1a, |
| 0x4c, 0x0a, 0x14, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x74, |
| 0x72, 0x69, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x74, 0x74, 0x72, 0x69, |
| 0x62, 0x75, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x74, 0x74, 0x72, |
| 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, |
| 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x42, 0x04, 0x0a, |
| 0x02, 0x6f, 0x70, 0x22, 0x5c, 0x0a, 0x0a, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x52, 0x6f, 0x6c, |
| 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, |
| 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x73, |
| 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x73, 0x12, |
| 0x20, 0x0a, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, |
| 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, |
| 0x73, 0x42, 0x6a, 0xa2, 0xfe, 0x23, 0x35, 0x0a, 0x33, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, |
| 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x6c, 0x75, 0x63, 0x69, 0x2e, 0x61, 0x70, 0x70, |
| 0x2f, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, |
| 0x73, 0x3a, 0x72, 0x65, 0x61, 0x6c, 0x6d, 0x73, 0x2e, 0x63, 0x66, 0x67, 0x5a, 0x2f, 0x67, 0x6f, |
| 0x2e, 0x63, 0x68, 0x72, 0x6f, 0x6d, 0x69, 0x75, 0x6d, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x6c, 0x75, |
| 0x63, 0x69, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, |
| 0x72, 0x65, 0x61, 0x6c, 0x6d, 0x73, 0x3b, 0x72, 0x65, 0x61, 0x6c, 0x6d, 0x73, 0x62, 0x06, 0x70, |
| 0x72, 0x6f, 0x74, 0x6f, 0x33, |
| } |
| |
| var ( |
| file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescOnce sync.Once |
| file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescData = file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDesc |
| ) |
| |
| func file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescGZIP() []byte { |
| file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescOnce.Do(func() { |
| file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescData) |
| }) |
| return file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescData |
| } |
| |
| var file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes = make([]protoimpl.MessageInfo, 6) |
| var file_go_chromium_org_luci_common_proto_realms_realms_config_proto_goTypes = []interface{}{ |
| (*RealmsCfg)(nil), // 0: auth_service.RealmsCfg |
| (*Realm)(nil), // 1: auth_service.Realm |
| (*Binding)(nil), // 2: auth_service.Binding |
| (*Condition)(nil), // 3: auth_service.Condition |
| (*CustomRole)(nil), // 4: auth_service.CustomRole |
| (*Condition_AttributeRestriction)(nil), // 5: auth_service.Condition.AttributeRestriction |
| } |
| var file_go_chromium_org_luci_common_proto_realms_realms_config_proto_depIdxs = []int32{ |
| 1, // 0: auth_service.RealmsCfg.realms:type_name -> auth_service.Realm |
| 4, // 1: auth_service.RealmsCfg.custom_roles:type_name -> auth_service.CustomRole |
| 2, // 2: auth_service.Realm.bindings:type_name -> auth_service.Binding |
| 3, // 3: auth_service.Binding.conditions:type_name -> auth_service.Condition |
| 5, // 4: auth_service.Condition.restrict:type_name -> auth_service.Condition.AttributeRestriction |
| 5, // [5:5] is the sub-list for method output_type |
| 5, // [5:5] is the sub-list for method input_type |
| 5, // [5:5] is the sub-list for extension type_name |
| 5, // [5:5] is the sub-list for extension extendee |
| 0, // [0:5] is the sub-list for field type_name |
| } |
| |
| func init() { file_go_chromium_org_luci_common_proto_realms_realms_config_proto_init() } |
| func file_go_chromium_org_luci_common_proto_realms_realms_config_proto_init() { |
| if File_go_chromium_org_luci_common_proto_realms_realms_config_proto != nil { |
| return |
| } |
| if !protoimpl.UnsafeEnabled { |
| file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { |
| switch v := v.(*RealmsCfg); i { |
| case 0: |
| return &v.state |
| case 1: |
| return &v.sizeCache |
| case 2: |
| return &v.unknownFields |
| default: |
| return nil |
| } |
| } |
| file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { |
| switch v := v.(*Realm); i { |
| case 0: |
| return &v.state |
| case 1: |
| return &v.sizeCache |
| case 2: |
| return &v.unknownFields |
| default: |
| return nil |
| } |
| } |
| file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { |
| switch v := v.(*Binding); i { |
| case 0: |
| return &v.state |
| case 1: |
| return &v.sizeCache |
| case 2: |
| return &v.unknownFields |
| default: |
| return nil |
| } |
| } |
| file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { |
| switch v := v.(*Condition); i { |
| case 0: |
| return &v.state |
| case 1: |
| return &v.sizeCache |
| case 2: |
| return &v.unknownFields |
| default: |
| return nil |
| } |
| } |
| file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { |
| switch v := v.(*CustomRole); i { |
| case 0: |
| return &v.state |
| case 1: |
| return &v.sizeCache |
| case 2: |
| return &v.unknownFields |
| default: |
| return nil |
| } |
| } |
| file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { |
| switch v := v.(*Condition_AttributeRestriction); i { |
| case 0: |
| return &v.state |
| case 1: |
| return &v.sizeCache |
| case 2: |
| return &v.unknownFields |
| default: |
| return nil |
| } |
| } |
| } |
| file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[3].OneofWrappers = []interface{}{ |
| (*Condition_Restrict)(nil), |
| } |
| type x struct{} |
| out := protoimpl.TypeBuilder{ |
| File: protoimpl.DescBuilder{ |
| GoPackagePath: reflect.TypeOf(x{}).PkgPath(), |
| RawDescriptor: file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDesc, |
| NumEnums: 0, |
| NumMessages: 6, |
| NumExtensions: 0, |
| NumServices: 0, |
| }, |
| GoTypes: file_go_chromium_org_luci_common_proto_realms_realms_config_proto_goTypes, |
| DependencyIndexes: file_go_chromium_org_luci_common_proto_realms_realms_config_proto_depIdxs, |
| MessageInfos: file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes, |
| }.Build() |
| File_go_chromium_org_luci_common_proto_realms_realms_config_proto = out.File |
| file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDesc = nil |
| file_go_chromium_org_luci_common_proto_realms_realms_config_proto_goTypes = nil |
| file_go_chromium_org_luci_common_proto_realms_realms_config_proto_depIdxs = nil |
| } |
