blob: 6efef90661cbad44e8d30fd1da544d56a9a078ea [file] [log] [blame]
// Code generated by protoc-gen-go. DO NOT EDIT.
// source: go.chromium.org/luci/tokenserver/api/minter/v1/token_minter.proto
package minter
import prpc "go.chromium.org/luci/grpc/prpc"
import (
context "context"
fmt "fmt"
proto "github.com/golang/protobuf/proto"
timestamp "github.com/golang/protobuf/ptypes/timestamp"
messages "go.chromium.org/luci/server/auth/delegation/messages"
api "go.chromium.org/luci/tokenserver/api"
grpc "google.golang.org/grpc"
math "math"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
// Supported ways of singing the request.
type SignatureAlgorithm int32
const (
SignatureAlgorithm_UNKNOWN_ALGO SignatureAlgorithm = 0
SignatureAlgorithm_SHA256_RSA_ALGO SignatureAlgorithm = 1
)
var SignatureAlgorithm_name = map[int32]string{
0: "UNKNOWN_ALGO",
1: "SHA256_RSA_ALGO",
}
var SignatureAlgorithm_value = map[string]int32{
"UNKNOWN_ALGO": 0,
"SHA256_RSA_ALGO": 1,
}
func (x SignatureAlgorithm) String() string {
return proto.EnumName(SignatureAlgorithm_name, int32(x))
}
func (SignatureAlgorithm) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_f6e01e20f1811b60, []int{0}
}
// Possible kinds of fatal errors.
//
// Non fatal errors are returned as grpc.Internal errors instead.
type ErrorCode int32
const (
ErrorCode_SUCCESS ErrorCode = 0
ErrorCode_UNSUPPORTED_SIGNATURE ErrorCode = 1
ErrorCode_UNSUPPORTED_TOKEN_TYPE ErrorCode = 2
ErrorCode_BAD_TIMESTAMP ErrorCode = 3
ErrorCode_BAD_CERTIFICATE_FORMAT ErrorCode = 4
ErrorCode_BAD_SIGNATURE ErrorCode = 5
ErrorCode_UNTRUSTED_CERTIFICATE ErrorCode = 6
ErrorCode_BAD_TOKEN_ARGUMENTS ErrorCode = 7
ErrorCode_MACHINE_TOKEN_MINTING_ERROR ErrorCode = 8
)
var ErrorCode_name = map[int32]string{
0: "SUCCESS",
1: "UNSUPPORTED_SIGNATURE",
2: "UNSUPPORTED_TOKEN_TYPE",
3: "BAD_TIMESTAMP",
4: "BAD_CERTIFICATE_FORMAT",
5: "BAD_SIGNATURE",
6: "UNTRUSTED_CERTIFICATE",
7: "BAD_TOKEN_ARGUMENTS",
8: "MACHINE_TOKEN_MINTING_ERROR",
}
var ErrorCode_value = map[string]int32{
"SUCCESS": 0,
"UNSUPPORTED_SIGNATURE": 1,
"UNSUPPORTED_TOKEN_TYPE": 2,
"BAD_TIMESTAMP": 3,
"BAD_CERTIFICATE_FORMAT": 4,
"BAD_SIGNATURE": 5,
"UNTRUSTED_CERTIFICATE": 6,
"BAD_TOKEN_ARGUMENTS": 7,
"MACHINE_TOKEN_MINTING_ERROR": 8,
}
func (x ErrorCode) String() string {
return proto.EnumName(ErrorCode_name, int32(x))
}
func (ErrorCode) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_f6e01e20f1811b60, []int{1}
}
// MintMachineTokenRequest wraps a serialized and signed MachineTokenRequest
// message.
type MintMachineTokenRequest struct {
// The protobuf-serialized MachineTokenRequest message, signed by the private
// key that matches MachineTokenRequest.certificate.
//
// We have to send it as a byte blob to avoid dealing with possible protobuf
// serialization inconsistencies when checking the signature.
SerializedTokenRequest []byte `protobuf:"bytes,1,opt,name=serialized_token_request,json=serializedTokenRequest,proto3" json:"serialized_token_request,omitempty"`
// The signature of 'serialized_token_parameters' blob.
//
// See MachineTokenRequest.signature_algorithm for exact meaning.
Signature []byte `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MintMachineTokenRequest) Reset() { *m = MintMachineTokenRequest{} }
func (m *MintMachineTokenRequest) String() string { return proto.CompactTextString(m) }
func (*MintMachineTokenRequest) ProtoMessage() {}
func (*MintMachineTokenRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_f6e01e20f1811b60, []int{0}
}
func (m *MintMachineTokenRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MintMachineTokenRequest.Unmarshal(m, b)
}
func (m *MintMachineTokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MintMachineTokenRequest.Marshal(b, m, deterministic)
}
func (m *MintMachineTokenRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_MintMachineTokenRequest.Merge(m, src)
}
func (m *MintMachineTokenRequest) XXX_Size() int {
return xxx_messageInfo_MintMachineTokenRequest.Size(m)
}
func (m *MintMachineTokenRequest) XXX_DiscardUnknown() {
xxx_messageInfo_MintMachineTokenRequest.DiscardUnknown(m)
}
var xxx_messageInfo_MintMachineTokenRequest proto.InternalMessageInfo
func (m *MintMachineTokenRequest) GetSerializedTokenRequest() []byte {
if m != nil {
return m.SerializedTokenRequest
}
return nil
}
func (m *MintMachineTokenRequest) GetSignature() []byte {
if m != nil {
return m.Signature
}
return nil
}
// MachineTokenRequest contains the actual request parameters.
type MachineTokenRequest struct {
// The certificate that identifies a caller (as ASN1-serialized blob).
//
// It will be used to extract machine FQDN (it's CN of the cert) and CA name
// to use to check the cert.
Certificate []byte `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"`
// The signature algorithm used to sign this request.
//
// Defines what's in MintMachineTokenRequest.signature field.
SignatureAlgorithm SignatureAlgorithm `protobuf:"varint,2,opt,name=signature_algorithm,json=signatureAlgorithm,proto3,enum=tokenserver.minter.SignatureAlgorithm" json:"signature_algorithm,omitempty"`
// Timestamp when this request was created, by the issuer clock.
IssuedAt *timestamp.Timestamp `protobuf:"bytes,3,opt,name=issued_at,json=issuedAt,proto3" json:"issued_at,omitempty"`
// The token type being requested.
//
// Defines what fields of the response are set.
TokenType api.MachineTokenType `protobuf:"varint,4,opt,name=token_type,json=tokenType,proto3,enum=tokenserver.MachineTokenType" json:"token_type,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MachineTokenRequest) Reset() { *m = MachineTokenRequest{} }
func (m *MachineTokenRequest) String() string { return proto.CompactTextString(m) }
func (*MachineTokenRequest) ProtoMessage() {}
func (*MachineTokenRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_f6e01e20f1811b60, []int{1}
}
func (m *MachineTokenRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MachineTokenRequest.Unmarshal(m, b)
}
func (m *MachineTokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MachineTokenRequest.Marshal(b, m, deterministic)
}
func (m *MachineTokenRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_MachineTokenRequest.Merge(m, src)
}
func (m *MachineTokenRequest) XXX_Size() int {
return xxx_messageInfo_MachineTokenRequest.Size(m)
}
func (m *MachineTokenRequest) XXX_DiscardUnknown() {
xxx_messageInfo_MachineTokenRequest.DiscardUnknown(m)
}
var xxx_messageInfo_MachineTokenRequest proto.InternalMessageInfo
func (m *MachineTokenRequest) GetCertificate() []byte {
if m != nil {
return m.Certificate
}
return nil
}
func (m *MachineTokenRequest) GetSignatureAlgorithm() SignatureAlgorithm {
if m != nil {
return m.SignatureAlgorithm
}
return SignatureAlgorithm_UNKNOWN_ALGO
}
func (m *MachineTokenRequest) GetIssuedAt() *timestamp.Timestamp {
if m != nil {
return m.IssuedAt
}
return nil
}
func (m *MachineTokenRequest) GetTokenType() api.MachineTokenType {
if m != nil {
return m.TokenType
}
return api.MachineTokenType_UNKNOWN_TYPE
}
// MintMachineTokenResponse is returned by MintMachineToken if the server
// processed the request.
//
// It's returned even if server refuses to mint a token. It contains the error
// details in that case.
type MintMachineTokenResponse struct {
// Possible kinds of fatal errors.
//
// Non fatal errors are returned as grpc.Internal errors instead.
ErrorCode ErrorCode `protobuf:"varint,1,opt,name=error_code,json=errorCode,proto3,enum=tokenserver.minter.ErrorCode" json:"error_code,omitempty"`
// Optional detailed error message.
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// On success (SUCCESS error code) contains the produced token.
TokenResponse *MachineTokenResponse `protobuf:"bytes,3,opt,name=token_response,json=tokenResponse,proto3" json:"token_response,omitempty"`
// Identifier of the service and its version that produced the response.
//
// Set for both successful responses and errors. On success, it is identical
// to token_response.service_version.
ServiceVersion string `protobuf:"bytes,4,opt,name=service_version,json=serviceVersion,proto3" json:"service_version,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MintMachineTokenResponse) Reset() { *m = MintMachineTokenResponse{} }
func (m *MintMachineTokenResponse) String() string { return proto.CompactTextString(m) }
func (*MintMachineTokenResponse) ProtoMessage() {}
func (*MintMachineTokenResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_f6e01e20f1811b60, []int{2}
}
func (m *MintMachineTokenResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MintMachineTokenResponse.Unmarshal(m, b)
}
func (m *MintMachineTokenResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MintMachineTokenResponse.Marshal(b, m, deterministic)
}
func (m *MintMachineTokenResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_MintMachineTokenResponse.Merge(m, src)
}
func (m *MintMachineTokenResponse) XXX_Size() int {
return xxx_messageInfo_MintMachineTokenResponse.Size(m)
}
func (m *MintMachineTokenResponse) XXX_DiscardUnknown() {
xxx_messageInfo_MintMachineTokenResponse.DiscardUnknown(m)
}
var xxx_messageInfo_MintMachineTokenResponse proto.InternalMessageInfo
func (m *MintMachineTokenResponse) GetErrorCode() ErrorCode {
if m != nil {
return m.ErrorCode
}
return ErrorCode_SUCCESS
}
func (m *MintMachineTokenResponse) GetErrorMessage() string {
if m != nil {
return m.ErrorMessage
}
return ""
}
func (m *MintMachineTokenResponse) GetTokenResponse() *MachineTokenResponse {
if m != nil {
return m.TokenResponse
}
return nil
}
func (m *MintMachineTokenResponse) GetServiceVersion() string {
if m != nil {
return m.ServiceVersion
}
return ""
}
// MachineTokenResponse contains a token requested by MachineTokenRequest.
type MachineTokenResponse struct {
// Identifier of the service and its version that produced the token.
//
// Has the form "<app-id>/<module-version>". Reported to the monitoring by
// the client. This is _not_ a part of the token.
ServiceVersion string `protobuf:"bytes,2,opt,name=service_version,json=serviceVersion,proto3" json:"service_version,omitempty"`
// The generated token.
//
// The exact field set here depends on a requested type of the token, see
// MachineTokenRequest.token_type.
//
// Types that are valid to be assigned to TokenType:
// *MachineTokenResponse_LuciMachineToken
TokenType isMachineTokenResponse_TokenType `protobuf_oneof:"token_type"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MachineTokenResponse) Reset() { *m = MachineTokenResponse{} }
func (m *MachineTokenResponse) String() string { return proto.CompactTextString(m) }
func (*MachineTokenResponse) ProtoMessage() {}
func (*MachineTokenResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_f6e01e20f1811b60, []int{3}
}
func (m *MachineTokenResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MachineTokenResponse.Unmarshal(m, b)
}
func (m *MachineTokenResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MachineTokenResponse.Marshal(b, m, deterministic)
}
func (m *MachineTokenResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_MachineTokenResponse.Merge(m, src)
}
func (m *MachineTokenResponse) XXX_Size() int {
return xxx_messageInfo_MachineTokenResponse.Size(m)
}
func (m *MachineTokenResponse) XXX_DiscardUnknown() {
xxx_messageInfo_MachineTokenResponse.DiscardUnknown(m)
}
var xxx_messageInfo_MachineTokenResponse proto.InternalMessageInfo
func (m *MachineTokenResponse) GetServiceVersion() string {
if m != nil {
return m.ServiceVersion
}
return ""
}
type isMachineTokenResponse_TokenType interface {
isMachineTokenResponse_TokenType()
}
type MachineTokenResponse_LuciMachineToken struct {
LuciMachineToken *LuciMachineToken `protobuf:"bytes,21,opt,name=luci_machine_token,json=luciMachineToken,proto3,oneof"`
}
func (*MachineTokenResponse_LuciMachineToken) isMachineTokenResponse_TokenType() {}
func (m *MachineTokenResponse) GetTokenType() isMachineTokenResponse_TokenType {
if m != nil {
return m.TokenType
}
return nil
}
func (m *MachineTokenResponse) GetLuciMachineToken() *LuciMachineToken {
if x, ok := m.GetTokenType().(*MachineTokenResponse_LuciMachineToken); ok {
return x.LuciMachineToken
}
return nil
}
// XXX_OneofWrappers is for the internal use of the proto package.
func (*MachineTokenResponse) XXX_OneofWrappers() []interface{} {
return []interface{}{
(*MachineTokenResponse_LuciMachineToken)(nil),
}
}
// LuciMachineToken is short lived machine token.
//
// It is understood only by LUCI backends. It is a bearer token, that embeds
// machine hostname and details about the machine certificate it was issued for.
// It has short lifetime (usually 1h).
//
// It is expected to be sent to backends in 'X-Luci-Machine-Token' HTTP header.
//
// The token here is supposed to be treated as an opaque base64-encoded blob,
// but in reality it is serialized MachineTokenEnvelope, see machine_token.proto
// and read the comment there for more info about the token format.
type LuciMachineToken struct {
MachineToken string `protobuf:"bytes,1,opt,name=machine_token,json=machineToken,proto3" json:"machine_token,omitempty"`
Expiry *timestamp.Timestamp `protobuf:"bytes,2,opt,name=expiry,proto3" json:"expiry,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *LuciMachineToken) Reset() { *m = LuciMachineToken{} }
func (m *LuciMachineToken) String() string { return proto.CompactTextString(m) }
func (*LuciMachineToken) ProtoMessage() {}
func (*LuciMachineToken) Descriptor() ([]byte, []int) {
return fileDescriptor_f6e01e20f1811b60, []int{4}
}
func (m *LuciMachineToken) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_LuciMachineToken.Unmarshal(m, b)
}
func (m *LuciMachineToken) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_LuciMachineToken.Marshal(b, m, deterministic)
}
func (m *LuciMachineToken) XXX_Merge(src proto.Message) {
xxx_messageInfo_LuciMachineToken.Merge(m, src)
}
func (m *LuciMachineToken) XXX_Size() int {
return xxx_messageInfo_LuciMachineToken.Size(m)
}
func (m *LuciMachineToken) XXX_DiscardUnknown() {
xxx_messageInfo_LuciMachineToken.DiscardUnknown(m)
}
var xxx_messageInfo_LuciMachineToken proto.InternalMessageInfo
func (m *LuciMachineToken) GetMachineToken() string {
if m != nil {
return m.MachineToken
}
return ""
}
func (m *LuciMachineToken) GetExpiry() *timestamp.Timestamp {
if m != nil {
return m.Expiry
}
return nil
}
// MintDelegationTokenRequest is passed to MintDelegationToken.
type MintDelegationTokenRequest struct {
// Identity whose authority is delegated.
//
// A string of the form "user:<email>" or a special token "REQUESTOR" that
// means to delegate caller's own identity. The token server will check its
// ACLs to make sure the caller is authorized to impersonate this identity.
//
// Required.
DelegatedIdentity string `protobuf:"bytes,1,opt,name=delegated_identity,json=delegatedIdentity,proto3" json:"delegated_identity,omitempty"`
// How long the token should be considered valid (in seconds).
//
// Default is 3600 sec.
ValidityDuration int64 `protobuf:"varint,2,opt,name=validity_duration,json=validityDuration,proto3" json:"validity_duration,omitempty"`
// Who will be able to use the new token.
//
// Each item can be an identity string (e.g. "user:<email>"), a "group:<name>"
// string, special "*" string which means "Any bearer can use the token", or
// "REQUESTOR" string which means "Whoever is making this call can use the
// token".
//
// This is semantically is a set, the order of elements doesn't matter.
//
// Required.
Audience []string `protobuf:"bytes,3,rep,name=audience,proto3" json:"audience,omitempty"`
// What services should accept the new token.
//
// List of LUCI services (specified as service identities, e.g.
// "service:app-id" or as https:// root URLs e.g. "https://<host>") that
// should accept this token. May also contain special "*" string, which
// means "All LUCI services".
//
// This is semantically is a set, the order of elements doesn't matter.
//
// Required.
Services []string `protobuf:"bytes,4,rep,name=services,proto3" json:"services,omitempty"`
// Optional reason why the token is created.
//
// Used only for logging and auditing purposes. Doesn't become part of the
// token.
Intent string `protobuf:"bytes,5,opt,name=intent,proto3" json:"intent,omitempty"`
// Arbitrary key:value pairs embedded into the token by whoever requested it.
// Convey circumstance of why the token is created.
//
// Services that accept the token may use them for additional authorization
// decisions. Please use extremely carefully, only when you control both sides
// of the delegation link and can guarantee that services involved understand
// the tags.
Tags []string `protobuf:"bytes,6,rep,name=tags,proto3" json:"tags,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MintDelegationTokenRequest) Reset() { *m = MintDelegationTokenRequest{} }
func (m *MintDelegationTokenRequest) String() string { return proto.CompactTextString(m) }
func (*MintDelegationTokenRequest) ProtoMessage() {}
func (*MintDelegationTokenRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_f6e01e20f1811b60, []int{5}
}
func (m *MintDelegationTokenRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MintDelegationTokenRequest.Unmarshal(m, b)
}
func (m *MintDelegationTokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MintDelegationTokenRequest.Marshal(b, m, deterministic)
}
func (m *MintDelegationTokenRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_MintDelegationTokenRequest.Merge(m, src)
}
func (m *MintDelegationTokenRequest) XXX_Size() int {
return xxx_messageInfo_MintDelegationTokenRequest.Size(m)
}
func (m *MintDelegationTokenRequest) XXX_DiscardUnknown() {
xxx_messageInfo_MintDelegationTokenRequest.DiscardUnknown(m)
}
var xxx_messageInfo_MintDelegationTokenRequest proto.InternalMessageInfo
func (m *MintDelegationTokenRequest) GetDelegatedIdentity() string {
if m != nil {
return m.DelegatedIdentity
}
return ""
}
func (m *MintDelegationTokenRequest) GetValidityDuration() int64 {
if m != nil {
return m.ValidityDuration
}
return 0
}
func (m *MintDelegationTokenRequest) GetAudience() []string {
if m != nil {
return m.Audience
}
return nil
}
func (m *MintDelegationTokenRequest) GetServices() []string {
if m != nil {
return m.Services
}
return nil
}
func (m *MintDelegationTokenRequest) GetIntent() string {
if m != nil {
return m.Intent
}
return ""
}
func (m *MintDelegationTokenRequest) GetTags() []string {
if m != nil {
return m.Tags
}
return nil
}
// MintDelegationTokenResponse is returned by MintDelegationToken on success.
//
// Errors are returned via standard gRPC codes.
type MintDelegationTokenResponse struct {
// The actual base64-encoded signed token.
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
// Same data as in 'token' in deserialized form, just for convenience.
//
// Mostly for JSON encoding users, since they may not understand proto-encoded
// tokens.
DelegationSubtoken *messages.Subtoken `protobuf:"bytes,2,opt,name=delegation_subtoken,json=delegationSubtoken,proto3" json:"delegation_subtoken,omitempty"`
// Identifier of the service and its version that produced the token.
//
// Has the form "<app-id>/<module-version>". This is _not_ part of the token.
// Used only for logging and monitoring.
ServiceVersion string `protobuf:"bytes,3,opt,name=service_version,json=serviceVersion,proto3" json:"service_version,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MintDelegationTokenResponse) Reset() { *m = MintDelegationTokenResponse{} }
func (m *MintDelegationTokenResponse) String() string { return proto.CompactTextString(m) }
func (*MintDelegationTokenResponse) ProtoMessage() {}
func (*MintDelegationTokenResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_f6e01e20f1811b60, []int{6}
}
func (m *MintDelegationTokenResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MintDelegationTokenResponse.Unmarshal(m, b)
}
func (m *MintDelegationTokenResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MintDelegationTokenResponse.Marshal(b, m, deterministic)
}
func (m *MintDelegationTokenResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_MintDelegationTokenResponse.Merge(m, src)
}
func (m *MintDelegationTokenResponse) XXX_Size() int {
return xxx_messageInfo_MintDelegationTokenResponse.Size(m)
}
func (m *MintDelegationTokenResponse) XXX_DiscardUnknown() {
xxx_messageInfo_MintDelegationTokenResponse.DiscardUnknown(m)
}
var xxx_messageInfo_MintDelegationTokenResponse proto.InternalMessageInfo
func (m *MintDelegationTokenResponse) GetToken() string {
if m != nil {
return m.Token
}
return ""
}
func (m *MintDelegationTokenResponse) GetDelegationSubtoken() *messages.Subtoken {
if m != nil {
return m.DelegationSubtoken
}
return nil
}
func (m *MintDelegationTokenResponse) GetServiceVersion() string {
if m != nil {
return m.ServiceVersion
}
return ""
}
// MintOAuthTokenGrantRequest is passed to MintOAuthTokenGrant.
//
// Additional implicit field is the identity of whoever makes this call. It
// becomes 'wielder_identity' of the generated token.
type MintOAuthTokenGrantRequest struct {
// Service account identity the end user wants to act as.
//
// A string of the form "user:<email>".
//
// Required.
ServiceAccount string `protobuf:"bytes,1,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"`
// How long the generated grant should be considered valid (in seconds).
//
// Default is 3600 sec.
ValidityDuration int64 `protobuf:"varint,2,opt,name=validity_duration,json=validityDuration,proto3" json:"validity_duration,omitempty"`
// An end user that wants to act as the service account (perhaps indirectly).
//
// A string of the form "user:<email>". On Swarming, this is an identity of
// a user that posted the task.
//
// TODO(vadimsh): Verify that this user is present during MintOAuthTokenGrant
// RPC by requiring the end user's credentials, e.g make Swarming forward
// user's OAuth token to the token server, where it can be validated.
//
// Required.
EndUser string `protobuf:"bytes,3,opt,name=end_user,json=endUser,proto3" json:"end_user,omitempty"`
// Arbitrary key:value pairs describing circumstances of this call.
//
// Used only for logging and auditing purposes. Not involved in authorization
// and don't become part of the grant.
AuditTags []string `protobuf:"bytes,4,rep,name=audit_tags,json=auditTags,proto3" json:"audit_tags,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MintOAuthTokenGrantRequest) Reset() { *m = MintOAuthTokenGrantRequest{} }
func (m *MintOAuthTokenGrantRequest) String() string { return proto.CompactTextString(m) }
func (*MintOAuthTokenGrantRequest) ProtoMessage() {}
func (*MintOAuthTokenGrantRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_f6e01e20f1811b60, []int{7}
}
func (m *MintOAuthTokenGrantRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MintOAuthTokenGrantRequest.Unmarshal(m, b)
}
func (m *MintOAuthTokenGrantRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MintOAuthTokenGrantRequest.Marshal(b, m, deterministic)
}
func (m *MintOAuthTokenGrantRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_MintOAuthTokenGrantRequest.Merge(m, src)
}
func (m *MintOAuthTokenGrantRequest) XXX_Size() int {
return xxx_messageInfo_MintOAuthTokenGrantRequest.Size(m)
}
func (m *MintOAuthTokenGrantRequest) XXX_DiscardUnknown() {
xxx_messageInfo_MintOAuthTokenGrantRequest.DiscardUnknown(m)
}
var xxx_messageInfo_MintOAuthTokenGrantRequest proto.InternalMessageInfo
func (m *MintOAuthTokenGrantRequest) GetServiceAccount() string {
if m != nil {
return m.ServiceAccount
}
return ""
}
func (m *MintOAuthTokenGrantRequest) GetValidityDuration() int64 {
if m != nil {
return m.ValidityDuration
}
return 0
}
func (m *MintOAuthTokenGrantRequest) GetEndUser() string {
if m != nil {
return m.EndUser
}
return ""
}
func (m *MintOAuthTokenGrantRequest) GetAuditTags() []string {
if m != nil {
return m.AuditTags
}
return nil
}
// MintOAuthTokenGrantResponse is returned by MintOAuthTokenGrant.
type MintOAuthTokenGrantResponse struct {
GrantToken string `protobuf:"bytes,1,opt,name=grant_token,json=grantToken,proto3" json:"grant_token,omitempty"`
Expiry *timestamp.Timestamp `protobuf:"bytes,2,opt,name=expiry,proto3" json:"expiry,omitempty"`
// Identifier of the service and its version that produced the token.
//
// Has the form "<app-id>/<module-version>". This is _not_ part of the token.
// Used only for logging and monitoring.
ServiceVersion string `protobuf:"bytes,3,opt,name=service_version,json=serviceVersion,proto3" json:"service_version,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MintOAuthTokenGrantResponse) Reset() { *m = MintOAuthTokenGrantResponse{} }
func (m *MintOAuthTokenGrantResponse) String() string { return proto.CompactTextString(m) }
func (*MintOAuthTokenGrantResponse) ProtoMessage() {}
func (*MintOAuthTokenGrantResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_f6e01e20f1811b60, []int{8}
}
func (m *MintOAuthTokenGrantResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MintOAuthTokenGrantResponse.Unmarshal(m, b)
}
func (m *MintOAuthTokenGrantResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MintOAuthTokenGrantResponse.Marshal(b, m, deterministic)
}
func (m *MintOAuthTokenGrantResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_MintOAuthTokenGrantResponse.Merge(m, src)
}
func (m *MintOAuthTokenGrantResponse) XXX_Size() int {
return xxx_messageInfo_MintOAuthTokenGrantResponse.Size(m)
}
func (m *MintOAuthTokenGrantResponse) XXX_DiscardUnknown() {
xxx_messageInfo_MintOAuthTokenGrantResponse.DiscardUnknown(m)
}
var xxx_messageInfo_MintOAuthTokenGrantResponse proto.InternalMessageInfo
func (m *MintOAuthTokenGrantResponse) GetGrantToken() string {
if m != nil {
return m.GrantToken
}
return ""
}
func (m *MintOAuthTokenGrantResponse) GetExpiry() *timestamp.Timestamp {
if m != nil {
return m.Expiry
}
return nil
}
func (m *MintOAuthTokenGrantResponse) GetServiceVersion() string {
if m != nil {
return m.ServiceVersion
}
return ""
}
// MintOAuthTokenViaGrantRequest is passed to MintOAuthTokenViaGrant.
//
// Additional implicit field is the identity of whoever makes this call. It is
// compared against 'wielder_identity' inside the token.
type MintOAuthTokenViaGrantRequest struct {
// A previously generated grant, as returned by MintOAuthTokenGrant.
GrantToken string `protobuf:"bytes,1,opt,name=grant_token,json=grantToken,proto3" json:"grant_token,omitempty"`
// The list of OAuth scopes the access token should have.
//
// The server may reject the request if some scopes are not allowed.
OauthScope []string `protobuf:"bytes,2,rep,name=oauth_scope,json=oauthScope,proto3" json:"oauth_scope,omitempty"`
// Minimally accepted validity duration of the returned OAuth token (seconds).
//
// The server may return a token that lives longer than this. The maximum is
// 1h. An attempt to get a token that lives longer than 1h will result in
// an error.
//
// The returned token validity duration doesn't depend on the lifetime of
// the grant: it's possible to use a grant that expires in 1 sec to get an
// access token that lives for 1h.
//
// Default is 300 sec.
MinValidityDuration int64 `protobuf:"varint,3,opt,name=min_validity_duration,json=minValidityDuration,proto3" json:"min_validity_duration,omitempty"`
// Arbitrary key:value pairs describing circumstances of this call.
//
// Used only for logging and auditing purposes. Not involved in authorization.
AuditTags []string `protobuf:"bytes,4,rep,name=audit_tags,json=auditTags,proto3" json:"audit_tags,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MintOAuthTokenViaGrantRequest) Reset() { *m = MintOAuthTokenViaGrantRequest{} }
func (m *MintOAuthTokenViaGrantRequest) String() string { return proto.CompactTextString(m) }
func (*MintOAuthTokenViaGrantRequest) ProtoMessage() {}
func (*MintOAuthTokenViaGrantRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_f6e01e20f1811b60, []int{9}
}
func (m *MintOAuthTokenViaGrantRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MintOAuthTokenViaGrantRequest.Unmarshal(m, b)
}
func (m *MintOAuthTokenViaGrantRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MintOAuthTokenViaGrantRequest.Marshal(b, m, deterministic)
}
func (m *MintOAuthTokenViaGrantRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_MintOAuthTokenViaGrantRequest.Merge(m, src)
}
func (m *MintOAuthTokenViaGrantRequest) XXX_Size() int {
return xxx_messageInfo_MintOAuthTokenViaGrantRequest.Size(m)
}
func (m *MintOAuthTokenViaGrantRequest) XXX_DiscardUnknown() {
xxx_messageInfo_MintOAuthTokenViaGrantRequest.DiscardUnknown(m)
}
var xxx_messageInfo_MintOAuthTokenViaGrantRequest proto.InternalMessageInfo
func (m *MintOAuthTokenViaGrantRequest) GetGrantToken() string {
if m != nil {
return m.GrantToken
}
return ""
}
func (m *MintOAuthTokenViaGrantRequest) GetOauthScope() []string {
if m != nil {
return m.OauthScope
}
return nil
}
func (m *MintOAuthTokenViaGrantRequest) GetMinValidityDuration() int64 {
if m != nil {
return m.MinValidityDuration
}
return 0
}
func (m *MintOAuthTokenViaGrantRequest) GetAuditTags() []string {
if m != nil {
return m.AuditTags
}
return nil
}
// MintOAuthTokenViaGrantResponse is returned by MintOAuthTokenViaGrant.
type MintOAuthTokenViaGrantResponse struct {
AccessToken string `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
Expiry *timestamp.Timestamp `protobuf:"bytes,2,opt,name=expiry,proto3" json:"expiry,omitempty"`
// Identifier of the service and its version that produced the token.
//
// Has the form "<app-id>/<module-version>". Used only for logging and
// monitoring.
ServiceVersion string `protobuf:"bytes,3,opt,name=service_version,json=serviceVersion,proto3" json:"service_version,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MintOAuthTokenViaGrantResponse) Reset() { *m = MintOAuthTokenViaGrantResponse{} }
func (m *MintOAuthTokenViaGrantResponse) String() string { return proto.CompactTextString(m) }
func (*MintOAuthTokenViaGrantResponse) ProtoMessage() {}
func (*MintOAuthTokenViaGrantResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_f6e01e20f1811b60, []int{10}
}
func (m *MintOAuthTokenViaGrantResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MintOAuthTokenViaGrantResponse.Unmarshal(m, b)
}
func (m *MintOAuthTokenViaGrantResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MintOAuthTokenViaGrantResponse.Marshal(b, m, deterministic)
}
func (m *MintOAuthTokenViaGrantResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_MintOAuthTokenViaGrantResponse.Merge(m, src)
}
func (m *MintOAuthTokenViaGrantResponse) XXX_Size() int {
return xxx_messageInfo_MintOAuthTokenViaGrantResponse.Size(m)
}
func (m *MintOAuthTokenViaGrantResponse) XXX_DiscardUnknown() {
xxx_messageInfo_MintOAuthTokenViaGrantResponse.DiscardUnknown(m)
}
var xxx_messageInfo_MintOAuthTokenViaGrantResponse proto.InternalMessageInfo
func (m *MintOAuthTokenViaGrantResponse) GetAccessToken() string {
if m != nil {
return m.AccessToken
}
return ""
}
func (m *MintOAuthTokenViaGrantResponse) GetExpiry() *timestamp.Timestamp {
if m != nil {
return m.Expiry
}
return nil
}
func (m *MintOAuthTokenViaGrantResponse) GetServiceVersion() string {
if m != nil {
return m.ServiceVersion
}
return ""
}
// MintProjectTokenRequest is passed to MintProjectToken.
type MintProjectTokenRequest struct {
// Luci project to which this token will be bound.
LuciProject string `protobuf:"bytes,1,opt,name=luci_project,json=luciProject,proto3" json:"luci_project,omitempty"`
// Requested OAuth scopes for the token.
OauthScope []string `protobuf:"bytes,2,rep,name=oauth_scope,json=oauthScope,proto3" json:"oauth_scope,omitempty"`
// Minimum token validity duration in seconds.
MinValidityDuration int64 `protobuf:"varint,3,opt,name=min_validity_duration,json=minValidityDuration,proto3" json:"min_validity_duration,omitempty"`
// Arbitrary key:value pairs describing circumstances of this call.
//
// Used only for logging and auditing purposes. Not involved in authorization.
AuditTags []string `protobuf:"bytes,4,rep,name=audit_tags,json=auditTags,proto3" json:"audit_tags,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MintProjectTokenRequest) Reset() { *m = MintProjectTokenRequest{} }
func (m *MintProjectTokenRequest) String() string { return proto.CompactTextString(m) }
func (*MintProjectTokenRequest) ProtoMessage() {}
func (*MintProjectTokenRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_f6e01e20f1811b60, []int{11}
}
func (m *MintProjectTokenRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MintProjectTokenRequest.Unmarshal(m, b)
}
func (m *MintProjectTokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MintProjectTokenRequest.Marshal(b, m, deterministic)
}
func (m *MintProjectTokenRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_MintProjectTokenRequest.Merge(m, src)
}
func (m *MintProjectTokenRequest) XXX_Size() int {
return xxx_messageInfo_MintProjectTokenRequest.Size(m)
}
func (m *MintProjectTokenRequest) XXX_DiscardUnknown() {
xxx_messageInfo_MintProjectTokenRequest.DiscardUnknown(m)
}
var xxx_messageInfo_MintProjectTokenRequest proto.InternalMessageInfo
func (m *MintProjectTokenRequest) GetLuciProject() string {
if m != nil {
return m.LuciProject
}
return ""
}
func (m *MintProjectTokenRequest) GetOauthScope() []string {
if m != nil {
return m.OauthScope
}
return nil
}
func (m *MintProjectTokenRequest) GetMinValidityDuration() int64 {
if m != nil {
return m.MinValidityDuration
}
return 0
}
func (m *MintProjectTokenRequest) GetAuditTags() []string {
if m != nil {
return m.AuditTags
}
return nil
}
// MintProjectTokenResponse is returned by MintProjectToken.
type MintProjectTokenResponse struct {
// Full service account email.
ServiceAccountEmail string `protobuf:"bytes,1,opt,name=service_account_email,json=serviceAccountEmail,proto3" json:"service_account_email,omitempty"`
// OAuth access token.
AccessToken string `protobuf:"bytes,2,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
// Token expiration timestamp.
Expiry *timestamp.Timestamp `protobuf:"bytes,3,opt,name=expiry,proto3" json:"expiry,omitempty"`
// Identifier of the service and its version that produced the token.
//
// Has the form "<app-id>/<module-version>". Used only for logging and
// monitoring.
ServiceVersion string `protobuf:"bytes,4,opt,name=service_version,json=serviceVersion,proto3" json:"service_version,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MintProjectTokenResponse) Reset() { *m = MintProjectTokenResponse{} }
func (m *MintProjectTokenResponse) String() string { return proto.CompactTextString(m) }
func (*MintProjectTokenResponse) ProtoMessage() {}
func (*MintProjectTokenResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_f6e01e20f1811b60, []int{12}
}
func (m *MintProjectTokenResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MintProjectTokenResponse.Unmarshal(m, b)
}
func (m *MintProjectTokenResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MintProjectTokenResponse.Marshal(b, m, deterministic)
}
func (m *MintProjectTokenResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_MintProjectTokenResponse.Merge(m, src)
}
func (m *MintProjectTokenResponse) XXX_Size() int {
return xxx_messageInfo_MintProjectTokenResponse.Size(m)
}
func (m *MintProjectTokenResponse) XXX_DiscardUnknown() {
xxx_messageInfo_MintProjectTokenResponse.DiscardUnknown(m)
}
var xxx_messageInfo_MintProjectTokenResponse proto.InternalMessageInfo
func (m *MintProjectTokenResponse) GetServiceAccountEmail() string {
if m != nil {
return m.ServiceAccountEmail
}
return ""
}
func (m *MintProjectTokenResponse) GetAccessToken() string {
if m != nil {
return m.AccessToken
}
return ""
}
func (m *MintProjectTokenResponse) GetExpiry() *timestamp.Timestamp {
if m != nil {
return m.Expiry
}
return nil
}
func (m *MintProjectTokenResponse) GetServiceVersion() string {
if m != nil {
return m.ServiceVersion
}
return ""
}
func init() {
proto.RegisterEnum("tokenserver.minter.SignatureAlgorithm", SignatureAlgorithm_name, SignatureAlgorithm_value)
proto.RegisterEnum("tokenserver.minter.ErrorCode", ErrorCode_name, ErrorCode_value)
proto.RegisterType((*MintMachineTokenRequest)(nil), "tokenserver.minter.MintMachineTokenRequest")
proto.RegisterType((*MachineTokenRequest)(nil), "tokenserver.minter.MachineTokenRequest")
proto.RegisterType((*MintMachineTokenResponse)(nil), "tokenserver.minter.MintMachineTokenResponse")
proto.RegisterType((*MachineTokenResponse)(nil), "tokenserver.minter.MachineTokenResponse")
proto.RegisterType((*LuciMachineToken)(nil), "tokenserver.minter.LuciMachineToken")
proto.RegisterType((*MintDelegationTokenRequest)(nil), "tokenserver.minter.MintDelegationTokenRequest")
proto.RegisterType((*MintDelegationTokenResponse)(nil), "tokenserver.minter.MintDelegationTokenResponse")
proto.RegisterType((*MintOAuthTokenGrantRequest)(nil), "tokenserver.minter.MintOAuthTokenGrantRequest")
proto.RegisterType((*MintOAuthTokenGrantResponse)(nil), "tokenserver.minter.MintOAuthTokenGrantResponse")
proto.RegisterType((*MintOAuthTokenViaGrantRequest)(nil), "tokenserver.minter.MintOAuthTokenViaGrantRequest")
proto.RegisterType((*MintOAuthTokenViaGrantResponse)(nil), "tokenserver.minter.MintOAuthTokenViaGrantResponse")
proto.RegisterType((*MintProjectTokenRequest)(nil), "tokenserver.minter.MintProjectTokenRequest")
proto.RegisterType((*MintProjectTokenResponse)(nil), "tokenserver.minter.MintProjectTokenResponse")
}
func init() {
proto.RegisterFile("go.chromium.org/luci/tokenserver/api/minter/v1/token_minter.proto", fileDescriptor_f6e01e20f1811b60)
}
var fileDescriptor_f6e01e20f1811b60 = []byte{
// 1219 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x56, 0xc1, 0x92, 0xdb, 0x44,
0x10, 0x8d, 0x6c, 0xaf, 0x63, 0xb7, 0x9d, 0x44, 0x19, 0x67, 0x37, 0x8e, 0x43, 0xd8, 0xc4, 0x50,
0xb0, 0x95, 0x80, 0x5c, 0x31, 0x05, 0xa4, 0x0a, 0x2e, 0x8a, 0x57, 0xd9, 0x38, 0x89, 0xed, 0x2d,
0x49, 0x4e, 0x0a, 0x2e, 0x2a, 0x45, 0x9a, 0x78, 0x87, 0x58, 0x92, 0x23, 0x8d, 0xb6, 0x58, 0x2e,
0x7c, 0x01, 0x5f, 0xc0, 0x05, 0xee, 0x54, 0xc1, 0x81, 0xef, 0xe0, 0x0b, 0x72, 0xe6, 0x17, 0xb8,
0x52, 0x9a, 0x19, 0xed, 0x4a, 0xb6, 0x9c, 0xdd, 0x40, 0x15, 0xdc, 0x34, 0xaf, 0x7b, 0xba, 0xdf,
0xbc, 0xee, 0xe9, 0x11, 0xa8, 0xb3, 0x40, 0x71, 0x0e, 0xc2, 0xc0, 0x23, 0xb1, 0xa7, 0x04, 0xe1,
0xac, 0x37, 0x8f, 0x1d, 0xd2, 0xa3, 0xc1, 0x4b, 0xec, 0x47, 0x38, 0x3c, 0xc4, 0x61, 0xcf, 0x5e,
0x90, 0x9e, 0x47, 0x7c, 0x8a, 0xc3, 0xde, 0xe1, 0x5d, 0x6e, 0xb1, 0xf8, 0x5a, 0x59, 0x84, 0x01,
0x0d, 0x10, 0xca, 0x78, 0x2b, 0xdc, 0xd2, 0xd9, 0x9e, 0x05, 0xc1, 0x6c, 0x8e, 0x7b, 0xcc, 0xe3,
0x79, 0xfc, 0xa2, 0x47, 0x89, 0x87, 0x23, 0x6a, 0x7b, 0x0b, 0xbe, 0xa9, 0xa3, 0x15, 0xe6, 0x4d,
0x53, 0xc6, 0xf4, 0xa0, 0xe7, 0xe2, 0x39, 0x9e, 0xd9, 0x94, 0x04, 0x7e, 0xcf, 0xc3, 0x51, 0x64,
0xcf, 0x70, 0x94, 0xc1, 0x44, 0x98, 0x7b, 0x67, 0xa3, 0x6f, 0x3b, 0x07, 0xc4, 0xc7, 0x16, 0xc3,
0xf9, 0xce, 0xee, 0x2b, 0xb8, 0x3a, 0x22, 0x3e, 0x1d, 0x71, 0x93, 0x99, 0x58, 0x74, 0xfc, 0x2a,
0xc6, 0x11, 0x45, 0xf7, 0xa0, 0x1d, 0xe1, 0x90, 0xd8, 0x73, 0xf2, 0x1d, 0x76, 0xf9, 0x26, 0x2b,
0xe4, 0xb6, 0xb6, 0x74, 0x53, 0xda, 0x69, 0xea, 0x5b, 0x27, 0xf6, 0xdc, 0xce, 0x77, 0xa0, 0x1e,
0x91, 0x99, 0x6f, 0xd3, 0x38, 0xc4, 0xed, 0x12, 0x73, 0x3d, 0x01, 0xba, 0x3f, 0x94, 0xa0, 0x55,
0x94, 0xef, 0x26, 0x34, 0x1c, 0x1c, 0x52, 0xf2, 0x82, 0x38, 0x36, 0xc5, 0x22, 0x45, 0x16, 0x42,
0xcf, 0xa0, 0x75, 0x1c, 0xc6, 0xb2, 0xe7, 0xb3, 0x20, 0x24, 0xf4, 0xc0, 0x63, 0x19, 0x2e, 0xf6,
0x3f, 0x50, 0x56, 0x0b, 0xa0, 0x18, 0xa9, 0xbb, 0x9a, 0x7a, 0xeb, 0x28, 0x5a, 0xc1, 0xd0, 0xe7,
0x50, 0x27, 0x51, 0x14, 0x63, 0xd7, 0xb2, 0x69, 0xbb, 0x7c, 0x53, 0xda, 0x69, 0xf4, 0x3b, 0x0a,
0xaf, 0x9d, 0x92, 0xd6, 0x4e, 0x31, 0xd3, 0xda, 0xe9, 0x35, 0xee, 0xac, 0x52, 0xf4, 0x25, 0x00,
0x17, 0x86, 0x1e, 0x2d, 0x70, 0xbb, 0xc2, 0x88, 0xdc, 0xc8, 0x11, 0xc9, 0x9e, 0xd4, 0x3c, 0x5a,
0x60, 0xbd, 0x4e, 0xd3, 0xcf, 0x47, 0x95, 0xda, 0x86, 0x5c, 0xed, 0xfe, 0x25, 0x41, 0x7b, 0xb5,
0x06, 0xd1, 0x22, 0xf0, 0x23, 0x9c, 0x24, 0xc0, 0x61, 0x18, 0x84, 0x96, 0x13, 0xb8, 0x5c, 0x93,
0xe5, 0x04, 0xe2, 0xa4, 0x5a, 0xe2, 0x35, 0x08, 0x5c, 0xac, 0xd7, 0x71, 0xfa, 0x89, 0xde, 0x83,
0x0b, 0x7c, 0xb7, 0x68, 0x1d, 0x26, 0x55, 0x5d, 0x6f, 0x32, 0x70, 0xc4, 0x31, 0x34, 0x81, 0x8b,
0x69, 0x71, 0x79, 0x52, 0xa1, 0xc0, 0x4e, 0x51, 0x9a, 0x22, 0x92, 0xfa, 0x05, 0x9a, 0xe3, 0xfc,
0x21, 0x5c, 0x4a, 0x36, 0x11, 0x07, 0x5b, 0x87, 0x38, 0x8c, 0x48, 0xe0, 0x33, 0x65, 0xea, 0xfa,
0x45, 0x01, 0x3f, 0xe5, 0x68, 0xf7, 0x57, 0x09, 0xae, 0x14, 0x9e, 0xba, 0x20, 0x42, 0xa9, 0x28,
0x02, 0x32, 0x01, 0x25, 0xad, 0x6e, 0xe5, 0x5a, 0xbb, 0xbd, 0xc9, 0xf8, 0xbf, 0x5f, 0xc4, 0xff,
0x49, 0xec, 0x90, 0x6c, 0xca, 0x87, 0xe7, 0x74, 0x79, 0xbe, 0x84, 0xdd, 0x6f, 0x66, 0xab, 0xfa,
0xa8, 0x52, 0x93, 0xe4, 0xd2, 0xa3, 0x4a, 0xed, 0x8a, 0xbc, 0xd9, 0x7d, 0x09, 0xf2, 0x72, 0x84,
0x44, 0xe4, 0x7c, 0x7a, 0x89, 0x8b, 0xec, 0x65, 0x9d, 0xfa, 0x50, 0xc5, 0xdf, 0x2e, 0x48, 0x78,
0xc4, 0x0e, 0xf2, 0xe6, 0xf6, 0x12, 0x9e, 0xdd, 0xd7, 0x12, 0x74, 0x92, 0xc6, 0xd8, 0x3d, 0xbe,
0xee, 0xb9, 0xfb, 0xf2, 0x31, 0x20, 0x31, 0x08, 0xb0, 0x6b, 0x11, 0x17, 0xfb, 0x94, 0xd0, 0x23,
0x91, 0xfc, 0xf2, 0xb1, 0x65, 0x28, 0x0c, 0xe8, 0x0e, 0x5c, 0x3e, 0xb4, 0xe7, 0xc4, 0x25, 0xf4,
0xc8, 0x72, 0xe3, 0x90, 0xc5, 0x63, 0x64, 0xca, 0xba, 0x9c, 0x1a, 0x76, 0x05, 0x8e, 0x3a, 0x50,
0xb3, 0x63, 0x97, 0x60, 0xdf, 0x49, 0xba, 0xa1, 0xbc, 0x53, 0xd7, 0x8f, 0xd7, 0x89, 0x4d, 0x54,
0x21, 0x6a, 0x57, 0xb8, 0x2d, 0x5d, 0xa3, 0x2d, 0xa8, 0x26, 0x3a, 0xfb, 0xb4, 0xbd, 0xc1, 0x78,
0x88, 0x15, 0x42, 0x50, 0xa1, 0xf6, 0x2c, 0x6a, 0x57, 0x99, 0x3f, 0xfb, 0xee, 0xfe, 0x2c, 0xc1,
0xf5, 0xc2, 0xe3, 0x89, 0x26, 0xb8, 0x02, 0x1b, 0x59, 0x3d, 0xf9, 0x02, 0x0d, 0xa0, 0x75, 0x32,
0xfe, 0xac, 0x28, 0x7e, 0xce, 0x7d, 0xb8, 0xaa, 0x48, 0x49, 0x67, 0xa4, 0x62, 0x08, 0x8b, 0x8e,
0x4e, 0xdc, 0x53, 0xac, 0xa8, 0xbf, 0xca, 0x85, 0x1d, 0xfa, 0x8b, 0x28, 0xc1, 0x44, 0x8d, 0xe9,
0x01, 0xa3, 0xb7, 0x17, 0xda, 0x3e, 0x4d, 0x4b, 0x90, 0x89, 0x63, 0x3b, 0x4e, 0x10, 0xfb, 0x54,
0x90, 0x4d, 0xe3, 0xa8, 0x1c, 0x7d, 0x3b, 0xf1, 0xaf, 0x41, 0x0d, 0xfb, 0xae, 0x15, 0x47, 0x38,
0x14, 0xb4, 0xce, 0x63, 0xdf, 0x9d, 0x46, 0x38, 0x44, 0x37, 0x00, 0x92, 0x3a, 0x50, 0x8b, 0xa9,
0xc9, 0xd5, 0xaf, 0x33, 0xc4, 0x4c, 0x24, 0xfd, 0x51, 0x48, 0xba, 0x42, 0x57, 0x48, 0xba, 0x0d,
0x8d, 0x59, 0x02, 0xe4, 0x1a, 0x15, 0x18, 0xf4, 0x8f, 0xdb, 0xf4, 0xec, 0x62, 0xfe, 0x2e, 0xc1,
0x8d, 0x3c, 0xbb, 0xa7, 0xc4, 0xce, 0xe9, 0x79, 0x2a, 0xbf, 0x6d, 0x68, 0x04, 0xc9, 0xb3, 0x68,
0x45, 0x4e, 0xb0, 0x48, 0xc6, 0x59, 0x22, 0x00, 0x30, 0xc8, 0x48, 0x10, 0xd4, 0x87, 0x4d, 0x8f,
0xf8, 0xd6, 0xaa, 0xd8, 0x65, 0x26, 0x76, 0xcb, 0x23, 0xfe, 0xd3, 0x65, 0xbd, 0x4f, 0x11, 0xf5,
0x27, 0x09, 0xde, 0x5d, 0x47, 0x5b, 0xe8, 0x7a, 0x0b, 0x9a, 0xb6, 0xe3, 0xe0, 0x28, 0xca, 0x11,
0x6f, 0x70, 0xec, 0x3f, 0x50, 0xf6, 0x37, 0x89, 0x3f, 0xe3, 0xfb, 0x61, 0xf0, 0x0d, 0x76, 0x68,
0x6e, 0x4c, 0xdc, 0x82, 0x26, 0x1b, 0x91, 0x0b, 0x6e, 0x4b, 0xb9, 0x25, 0x98, 0x70, 0xff, 0x5f,
0x54, 0xfd, 0x43, 0xbc, 0x7a, 0x79, 0xca, 0x42, 0xcf, 0x3e, 0x6c, 0x2e, 0xdd, 0x2b, 0x0b, 0x7b,
0x36, 0x99, 0x0b, 0xf2, 0xad, 0xfc, 0xed, 0xd2, 0x12, 0xd3, 0x4a, 0x0d, 0x4a, 0x6f, 0xaa, 0x41,
0xf9, 0xdf, 0xd4, 0xa0, 0xf0, 0x31, 0xbb, 0xfd, 0x05, 0xa0, 0xd5, 0xbf, 0x0d, 0x24, 0x43, 0x73,
0x3a, 0x7e, 0x3c, 0x9e, 0x3c, 0x1b, 0x5b, 0xea, 0x93, 0xbd, 0x89, 0x7c, 0x0e, 0xb5, 0xe0, 0x92,
0xf1, 0x50, 0xed, 0x7f, 0xfa, 0x99, 0xa5, 0x1b, 0x2a, 0x07, 0xa5, 0xdb, 0x7f, 0x4a, 0x50, 0x3f,
0x7e, 0xc1, 0x51, 0x03, 0xce, 0x1b, 0xd3, 0xc1, 0x40, 0x33, 0x0c, 0xf9, 0x1c, 0xba, 0x06, 0x9b,
0xd3, 0xb1, 0x31, 0xdd, 0xdf, 0x9f, 0xe8, 0xa6, 0xb6, 0x6b, 0x19, 0xc3, 0xbd, 0xb1, 0x6a, 0x4e,
0x75, 0x4d, 0x96, 0x50, 0x07, 0xb6, 0xb2, 0x26, 0x73, 0xf2, 0x58, 0x1b, 0x5b, 0xe6, 0x57, 0xfb,
0x9a, 0x5c, 0x42, 0x97, 0xe1, 0xc2, 0x7d, 0x75, 0xd7, 0x32, 0x87, 0x23, 0xcd, 0x30, 0xd5, 0xd1,
0xbe, 0x5c, 0x4e, 0xdc, 0x13, 0x68, 0xa0, 0xe9, 0xe6, 0xf0, 0xc1, 0x70, 0xa0, 0x9a, 0x9a, 0xf5,
0x60, 0xa2, 0x8f, 0x54, 0x53, 0xae, 0xa4, 0xee, 0x27, 0xd1, 0x37, 0x78, 0x62, 0x53, 0x9f, 0x1a,
0x49, 0xec, 0xcc, 0x26, 0xb9, 0x8a, 0xae, 0x42, 0x8b, 0x05, 0x67, 0x09, 0x55, 0x7d, 0x6f, 0x3a,
0xd2, 0xc6, 0xa6, 0x21, 0x9f, 0x47, 0xdb, 0x70, 0x7d, 0xa4, 0x0e, 0x1e, 0x0e, 0xc7, 0x9a, 0x30,
0x8e, 0x86, 0x63, 0x73, 0x38, 0xde, 0xb3, 0x34, 0x5d, 0x9f, 0xe8, 0x72, 0xad, 0xff, 0xba, 0x02,
0x0d, 0x56, 0x8c, 0x11, 0x7b, 0x8f, 0x91, 0x07, 0xf2, 0xf2, 0xbf, 0x0f, 0xba, 0x53, 0xf8, 0xe3,
0x51, 0xfc, 0x97, 0xda, 0xf9, 0xe8, 0x6c, 0xce, 0xa2, 0xb1, 0x0e, 0xa1, 0x55, 0xf0, 0xe4, 0x20,
0x65, 0x5d, 0x90, 0xe2, 0xa7, 0xb7, 0xd3, 0x3b, 0xb3, 0x7f, 0x3e, 0xef, 0xd2, 0x5c, 0x5e, 0x9f,
0xb7, 0xf8, 0xbd, 0x59, 0x9f, 0x77, 0xdd, 0xc0, 0xff, 0x1e, 0xb6, 0x8a, 0x47, 0x17, 0xba, 0x7b,
0x7a, 0xa8, 0xa5, 0xe9, 0xdc, 0xe9, 0xbf, 0xcd, 0x16, 0x41, 0x40, 0xd4, 0x37, 0x7b, 0xcb, 0xd7,
0xd7, 0xb7, 0x60, 0x7c, 0xad, 0xaf, 0x6f, 0xd1, 0xe0, 0xb8, 0x5f, 0xfb, 0xba, 0xca, 0x5d, 0x9e,
0x57, 0xd9, 0x9d, 0xfe, 0xe4, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0x8f, 0x90, 0x04, 0x0b, 0xda,
0x0d, 0x00, 0x00,
}
// Reference imports to suppress errors if they are not otherwise used.
var _ context.Context
var _ grpc.ClientConn
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
const _ = grpc.SupportPackageIsVersion4
// TokenMinterClient is the client API for TokenMinter service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
type TokenMinterClient interface {
// MintMachineToken generates a new token for an authenticated machine.
//
// It checks that provided certificate was signed by some trusted CA, and it
// is still valid (non-expired and hasn't been revoked). It then checks that
// the request was signed by the corresponding private key. Finally it checks
// that the caller is authorized to generate requested kind of token.
//
// If everything checks out, it generates and returns a new machine token.
//
// On fatal error it returns detailed error response via same
// MintMachineTokenResponse. On transient errors it returns generic
// grpc.Internal error.
MintMachineToken(ctx context.Context, in *MintMachineTokenRequest, opts ...grpc.CallOption) (*MintMachineTokenResponse, error)
// MintDelegationToken generates a new bearer delegation token.
//
// Such token can be sent in 'X-Delegation-Token-V1' header (alongside regular
// credentials like OAuth2 access token) to convey that the caller should be
// authentication as 'delegated_identity' specified in the token.
//
// The delegation tokens are subject to multiple restrictions (embedded in
// the token):
// * They have expiration time.
// * They are usable only if presented with a credential of someone from
// the 'audience' list.
// * They are usable only on services specified in the 'services' list.
//
// The token server must be configured in advance with all expected
// combinations of (caller identity, delegated identity, audience, service)
// tuples. See DelegationRule in config.proto.
MintDelegationToken(ctx context.Context, in *MintDelegationTokenRequest, opts ...grpc.CallOption) (*MintDelegationTokenResponse, error)
// MintOAuthTokenGrant generates a new grant for getting an OAuth2 token.
//
// This is a special (opaque for clients) token that asserts that the caller
// at the time of the call was allowed to act as a particular service account
// to perform a task authorized by an end-user.
//
// The returned grant can be used later (when the end-user is no longer
// present) to get a real OAuth2 access token via MintOAuthTokenViaGrant call.
//
// This pair of RPCs is used to "delay" generation of service account OAuth
// token until some later time, when it is actually needed. This is used by
// Swarming:
// 1. When the task is posted, Swarming calls MintOAuthTokenGrant to verify
// that the end-user is allowed to act as the requested service account
// on Swarming. On success, Swarming stores the grant in the task
// metadata.
// 2. At a later time, when the task is executing and it needs an access
// token, Swarming calls MintOAuthTokenViaGrant to convert the grant into
// a real OAuth2 token.
//
// The returned grant can be used multiple times (as long as its validity
// duration and the token server policy allows).
//
// The token server must be configured in advance with all expected
// combinations of (caller identity, service account name, end users) tuples.
// See ServiceAccountRule in config.proto.
//
// MintOAuthTokenGrant will check that the requested usage is allowed by the
// rules. Later, MintOAuthTokenViaGrant will recheck this too.
MintOAuthTokenGrant(ctx context.Context, in *MintOAuthTokenGrantRequest, opts ...grpc.CallOption) (*MintOAuthTokenGrantResponse, error)
// MintOAuthTokenViaGrant converts an OAuth2 token grant into an access token.
//
// The grant must be previously generated by MintOAuthTokenGrant function, see
// its docs for more details.
MintOAuthTokenViaGrant(ctx context.Context, in *MintOAuthTokenViaGrantRequest, opts ...grpc.CallOption) (*MintOAuthTokenViaGrantResponse, error)
// MintProjectToken mints an OAuth2 identity token that represents an identity
// associated with a LUCI project.
//
// Project-scoped tokens prevent accidental cross-project identity confusion
// when LUCI services access project specific resources such as a source code
// repository.
MintProjectToken(ctx context.Context, in *MintProjectTokenRequest, opts ...grpc.CallOption) (*MintProjectTokenResponse, error)
}
type tokenMinterPRPCClient struct {
client *prpc.Client
}
func NewTokenMinterPRPCClient(client *prpc.Client) TokenMinterClient {
return &tokenMinterPRPCClient{client}
}
func (c *tokenMinterPRPCClient) MintMachineToken(ctx context.Context, in *MintMachineTokenRequest, opts ...grpc.CallOption) (*MintMachineTokenResponse, error) {
out := new(MintMachineTokenResponse)
err := c.client.Call(ctx, "tokenserver.minter.TokenMinter", "MintMachineToken", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *tokenMinterPRPCClient) MintDelegationToken(ctx context.Context, in *MintDelegationTokenRequest, opts ...grpc.CallOption) (*MintDelegationTokenResponse, error) {
out := new(MintDelegationTokenResponse)
err := c.client.Call(ctx, "tokenserver.minter.TokenMinter", "MintDelegationToken", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *tokenMinterPRPCClient) MintOAuthTokenGrant(ctx context.Context, in *MintOAuthTokenGrantRequest, opts ...grpc.CallOption) (*MintOAuthTokenGrantResponse, error) {
out := new(MintOAuthTokenGrantResponse)
err := c.client.Call(ctx, "tokenserver.minter.TokenMinter", "MintOAuthTokenGrant", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *tokenMinterPRPCClient) MintOAuthTokenViaGrant(ctx context.Context, in *MintOAuthTokenViaGrantRequest, opts ...grpc.CallOption) (*MintOAuthTokenViaGrantResponse, error) {
out := new(MintOAuthTokenViaGrantResponse)
err := c.client.Call(ctx, "tokenserver.minter.TokenMinter", "MintOAuthTokenViaGrant", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *tokenMinterPRPCClient) MintProjectToken(ctx context.Context, in *MintProjectTokenRequest, opts ...grpc.CallOption) (*MintProjectTokenResponse, error) {
out := new(MintProjectTokenResponse)
err := c.client.Call(ctx, "tokenserver.minter.TokenMinter", "MintProjectToken", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
type tokenMinterClient struct {
cc *grpc.ClientConn
}
func NewTokenMinterClient(cc *grpc.ClientConn) TokenMinterClient {
return &tokenMinterClient{cc}
}
func (c *tokenMinterClient) MintMachineToken(ctx context.Context, in *MintMachineTokenRequest, opts ...grpc.CallOption) (*MintMachineTokenResponse, error) {
out := new(MintMachineTokenResponse)
err := c.cc.Invoke(ctx, "/tokenserver.minter.TokenMinter/MintMachineToken", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *tokenMinterClient) MintDelegationToken(ctx context.Context, in *MintDelegationTokenRequest, opts ...grpc.CallOption) (*MintDelegationTokenResponse, error) {
out := new(MintDelegationTokenResponse)
err := c.cc.Invoke(ctx, "/tokenserver.minter.TokenMinter/MintDelegationToken", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *tokenMinterClient) MintOAuthTokenGrant(ctx context.Context, in *MintOAuthTokenGrantRequest, opts ...grpc.CallOption) (*MintOAuthTokenGrantResponse, error) {
out := new(MintOAuthTokenGrantResponse)
err := c.cc.Invoke(ctx, "/tokenserver.minter.TokenMinter/MintOAuthTokenGrant", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *tokenMinterClient) MintOAuthTokenViaGrant(ctx context.Context, in *MintOAuthTokenViaGrantRequest, opts ...grpc.CallOption) (*MintOAuthTokenViaGrantResponse, error) {
out := new(MintOAuthTokenViaGrantResponse)
err := c.cc.Invoke(ctx, "/tokenserver.minter.TokenMinter/MintOAuthTokenViaGrant", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *tokenMinterClient) MintProjectToken(ctx context.Context, in *MintProjectTokenRequest, opts ...grpc.CallOption) (*MintProjectTokenResponse, error) {
out := new(MintProjectTokenResponse)
err := c.cc.Invoke(ctx, "/tokenserver.minter.TokenMinter/MintProjectToken", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// TokenMinterServer is the server API for TokenMinter service.
type TokenMinterServer interface {
// MintMachineToken generates a new token for an authenticated machine.
//
// It checks that provided certificate was signed by some trusted CA, and it
// is still valid (non-expired and hasn't been revoked). It then checks that
// the request was signed by the corresponding private key. Finally it checks
// that the caller is authorized to generate requested kind of token.
//
// If everything checks out, it generates and returns a new machine token.
//
// On fatal error it returns detailed error response via same
// MintMachineTokenResponse. On transient errors it returns generic
// grpc.Internal error.
MintMachineToken(context.Context, *MintMachineTokenRequest) (*MintMachineTokenResponse, error)
// MintDelegationToken generates a new bearer delegation token.
//
// Such token can be sent in 'X-Delegation-Token-V1' header (alongside regular
// credentials like OAuth2 access token) to convey that the caller should be
// authentication as 'delegated_identity' specified in the token.
//
// The delegation tokens are subject to multiple restrictions (embedded in
// the token):
// * They have expiration time.
// * They are usable only if presented with a credential of someone from
// the 'audience' list.
// * They are usable only on services specified in the 'services' list.
//
// The token server must be configured in advance with all expected
// combinations of (caller identity, delegated identity, audience, service)
// tuples. See DelegationRule in config.proto.
MintDelegationToken(context.Context, *MintDelegationTokenRequest) (*MintDelegationTokenResponse, error)
// MintOAuthTokenGrant generates a new grant for getting an OAuth2 token.
//
// This is a special (opaque for clients) token that asserts that the caller
// at the time of the call was allowed to act as a particular service account
// to perform a task authorized by an end-user.
//
// The returned grant can be used later (when the end-user is no longer
// present) to get a real OAuth2 access token via MintOAuthTokenViaGrant call.
//
// This pair of RPCs is used to "delay" generation of service account OAuth
// token until some later time, when it is actually needed. This is used by
// Swarming:
// 1. When the task is posted, Swarming calls MintOAuthTokenGrant to verify
// that the end-user is allowed to act as the requested service account
// on Swarming. On success, Swarming stores the grant in the task
// metadata.
// 2. At a later time, when the task is executing and it needs an access
// token, Swarming calls MintOAuthTokenViaGrant to convert the grant into
// a real OAuth2 token.
//
// The returned grant can be used multiple times (as long as its validity
// duration and the token server policy allows).
//
// The token server must be configured in advance with all expected
// combinations of (caller identity, service account name, end users) tuples.
// See ServiceAccountRule in config.proto.
//
// MintOAuthTokenGrant will check that the requested usage is allowed by the
// rules. Later, MintOAuthTokenViaGrant will recheck this too.
MintOAuthTokenGrant(context.Context, *MintOAuthTokenGrantRequest) (*MintOAuthTokenGrantResponse, error)
// MintOAuthTokenViaGrant converts an OAuth2 token grant into an access token.
//
// The grant must be previously generated by MintOAuthTokenGrant function, see
// its docs for more details.
MintOAuthTokenViaGrant(context.Context, *MintOAuthTokenViaGrantRequest) (*MintOAuthTokenViaGrantResponse, error)
// MintProjectToken mints an OAuth2 identity token that represents an identity
// associated with a LUCI project.
//
// Project-scoped tokens prevent accidental cross-project identity confusion
// when LUCI services access project specific resources such as a source code
// repository.
MintProjectToken(context.Context, *MintProjectTokenRequest) (*MintProjectTokenResponse, error)
}
func RegisterTokenMinterServer(s prpc.Registrar, srv TokenMinterServer) {
s.RegisterService(&_TokenMinter_serviceDesc, srv)
}
func _TokenMinter_MintMachineToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(MintMachineTokenRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(TokenMinterServer).MintMachineToken(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/tokenserver.minter.TokenMinter/MintMachineToken",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(TokenMinterServer).MintMachineToken(ctx, req.(*MintMachineTokenRequest))
}
return interceptor(ctx, in, info, handler)
}
func _TokenMinter_MintDelegationToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(MintDelegationTokenRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(TokenMinterServer).MintDelegationToken(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/tokenserver.minter.TokenMinter/MintDelegationToken",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(TokenMinterServer).MintDelegationToken(ctx, req.(*MintDelegationTokenRequest))
}
return interceptor(ctx, in, info, handler)
}
func _TokenMinter_MintOAuthTokenGrant_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(MintOAuthTokenGrantRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(TokenMinterServer).MintOAuthTokenGrant(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/tokenserver.minter.TokenMinter/MintOAuthTokenGrant",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(TokenMinterServer).MintOAuthTokenGrant(ctx, req.(*MintOAuthTokenGrantRequest))
}
return interceptor(ctx, in, info, handler)
}
func _TokenMinter_MintOAuthTokenViaGrant_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(MintOAuthTokenViaGrantRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(TokenMinterServer).MintOAuthTokenViaGrant(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/tokenserver.minter.TokenMinter/MintOAuthTokenViaGrant",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(TokenMinterServer).MintOAuthTokenViaGrant(ctx, req.(*MintOAuthTokenViaGrantRequest))
}
return interceptor(ctx, in, info, handler)
}
func _TokenMinter_MintProjectToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(MintProjectTokenRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(TokenMinterServer).MintProjectToken(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/tokenserver.minter.TokenMinter/MintProjectToken",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(TokenMinterServer).MintProjectToken(ctx, req.(*MintProjectTokenRequest))
}
return interceptor(ctx, in, info, handler)
}
var _TokenMinter_serviceDesc = grpc.ServiceDesc{
ServiceName: "tokenserver.minter.TokenMinter",
HandlerType: (*TokenMinterServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "MintMachineToken",
Handler: _TokenMinter_MintMachineToken_Handler,
},
{
MethodName: "MintDelegationToken",
Handler: _TokenMinter_MintDelegationToken_Handler,
},
{
MethodName: "MintOAuthTokenGrant",
Handler: _TokenMinter_MintOAuthTokenGrant_Handler,
},
{
MethodName: "MintOAuthTokenViaGrant",
Handler: _TokenMinter_MintOAuthTokenViaGrant_Handler,
},
{
MethodName: "MintProjectToken",
Handler: _TokenMinter_MintProjectToken_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "go.chromium.org/luci/tokenserver/api/minter/v1/token_minter.proto",
}