go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/common/proto/realms/realms_config.pb.go (about) 1 // Copyright 2020 The LUCI Authors. All rights reserved. 2 // Use of this source code is governed under the Apache License, Version 2.0 3 // that can be found in the LICENSE file. 4 5 // Schema for realms.cfg project configuration file. 6 // 7 // RealmsCfg describes configuration of all realms of some single LUCI project. 8 9 // Code generated by protoc-gen-go. DO NOT EDIT. 10 // versions: 11 // protoc-gen-go v1.31.0 12 // protoc v3.21.7 13 // source: go.chromium.org/luci/common/proto/realms/realms_config.proto 14 15 package realms 16 17 import ( 18 _ "go.chromium.org/luci/common/proto" 19 protoreflect "google.golang.org/protobuf/reflect/protoreflect" 20 protoimpl "google.golang.org/protobuf/runtime/protoimpl" 21 reflect "reflect" 22 sync "sync" 23 ) 24 25 const ( 26 // Verify that this generated code is sufficiently up-to-date. 27 _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) 28 // Verify that runtime/protoimpl is sufficiently up-to-date. 29 _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) 30 ) 31 32 // RealmsCfg defines a schema for realms.cfg project configuration file. 33 type RealmsCfg struct { 34 state protoimpl.MessageState 35 sizeCache protoimpl.SizeCache 36 unknownFields protoimpl.UnknownFields 37 38 // List of all realms in the project in arbitrary order. 39 Realms []*Realm `protobuf:"bytes,1,rep,name=realms,proto3" json:"realms,omitempty"` 40 // Optional list of custom roles that can be referenced from Bindings in this 41 // project. 42 CustomRoles []*CustomRole `protobuf:"bytes,2,rep,name=custom_roles,json=customRoles,proto3" json:"custom_roles,omitempty"` 43 } 44 45 func (x *RealmsCfg) Reset() { 46 *x = RealmsCfg{} 47 if protoimpl.UnsafeEnabled { 48 mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[0] 49 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 50 ms.StoreMessageInfo(mi) 51 } 52 } 53 54 func (x *RealmsCfg) String() string { 55 return protoimpl.X.MessageStringOf(x) 56 } 57 58 func (*RealmsCfg) ProtoMessage() {} 59 60 func (x *RealmsCfg) ProtoReflect() protoreflect.Message { 61 mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[0] 62 if protoimpl.UnsafeEnabled && x != nil { 63 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 64 if ms.LoadMessageInfo() == nil { 65 ms.StoreMessageInfo(mi) 66 } 67 return ms 68 } 69 return mi.MessageOf(x) 70 } 71 72 // Deprecated: Use RealmsCfg.ProtoReflect.Descriptor instead. 73 func (*RealmsCfg) Descriptor() ([]byte, []int) { 74 return file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescGZIP(), []int{0} 75 } 76 77 func (x *RealmsCfg) GetRealms() []*Realm { 78 if x != nil { 79 return x.Realms 80 } 81 return nil 82 } 83 84 func (x *RealmsCfg) GetCustomRoles() []*CustomRole { 85 if x != nil { 86 return x.CustomRoles 87 } 88 return nil 89 } 90 91 // Realm is a named container for (<principal>, <permission>) pairs. 92 // 93 // A LUCI resource can point to exactly one realm by referring to its full 94 // name ("<project>:<realm>"). We say that such resource "belongs to the realm" 95 // or "lives in the realm" or is just "in the realm". We also say that such 96 // resource belongs to the project "<project>". The corresponding Realm message 97 // then describes who can do what to the resource. 98 // 99 // The logic of how resources get assigned to realms is a part of the public API 100 // of the service that owns resources. Some services may use a static realm 101 // assignment via project configuration files, others may do it dynamically by 102 // accepting a realm when a resource is created via an RPC. 103 // 104 // A realm can "extend" one or more other realms. If a realm `A` extends `B`, 105 // then all permissions defined in `B` are also in `A`. Remembering that a realm 106 // is just a set of (<principal>, <permission>) pairs, the "extend" relation is 107 // just a set inclusion. 108 // 109 // The primary way of populating the permission set of a realm is via bindings. 110 // Each binding assigns a role to a set of principals. Since each role is 111 // essentially just a set of permissions, each binding adds to the realm a 112 // Cartesian product of a set of permissions (defined via the role) and a set of 113 // principals (defined via a direct listing or via groups). 114 // 115 // There are two special realms (both optional) that a project can have: "@root" 116 // and "@legacy". 117 // 118 // The root realm is implicitly included into all other realms (including 119 // "@legacy"), and it is also used as a fallback when a resource points to 120 // a realm that no longer exists. Without the root realm, such resources become 121 // effectively inaccessible and this may be undesirable. Permissions in the root 122 // realm apply to all realms in the project (current, past and future), and thus 123 // the root realm should contain only administrative-level bindings. If you are 124 // not sure whether you should use the root realm or not, err on the side of not 125 // using it. 126 // 127 // The legacy realm is used for existing resources created before the realms 128 // mechanism was introduced. Such resources usually are not associated with any 129 // realm at all. They are implicitly placed into the legacy realm to allow 130 // reusing realms' machinery for them. 131 // 132 // Note that the details of how resources are placed in the legacy realm are up 133 // to a particular service implementation. Some services may be able to figure 134 // out an appropriate realm for a legacy resource based on resource's existing 135 // attributes. Some services may not have legacy resources at all. The legacy 136 // realm is not used in these case. Refer to the service documentation. 137 // 138 // A realm can also carry some small amount of data (usually auth related) that 139 // LUCI services use when dealing with this realm. It should be something that 140 // all (or at least more than one) LUCI services use. Configuration specific to 141 // a single service should be in this service's project config instead. 142 type Realm struct { 143 state protoimpl.MessageState 144 sizeCache protoimpl.SizeCache 145 unknownFields protoimpl.UnknownFields 146 147 // Name of the realm. 148 // 149 // Must match `^[a-z0-9_\.\-/]{1,400}$` or be literals "@root" or "@legacy". 150 // 151 // Realm names must be unique within a project. 152 Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` 153 // Optional list of realms whose permissions will be included in this realm. 154 // 155 // All realms implicitly extend "@root" realm (if it is defined), i.e. all 156 // permissions specified in the "@root" realm are propagated to all realms in 157 // the project. 158 // 159 // To keep the mental model simple, cycles aren't allowed (i.e. a realm is not 160 // allowed to directly or indirectly extend itself). The LUCI Config service 161 // will reject realms.cfg that contains cycles during the config validation 162 // phase. 163 Extends []string `protobuf:"bytes,2,rep,name=extends,proto3" json:"extends,omitempty"` 164 // List of bindings that define who can do what to resources in this realm. 165 Bindings []*Binding `protobuf:"bytes,3,rep,name=bindings,proto3" json:"bindings,omitempty"` 166 // A list of LUCI service IDs that should enforce this realm's permissions. 167 // 168 // Children realms inherit and extend this list. 169 // 170 // Used only during Realms migration to gradually roll out the enforcement 171 // realm by realm, service by service. 172 EnforceInService []string `protobuf:"bytes,4,rep,name=enforce_in_service,json=enforceInService,proto3" json:"enforce_in_service,omitempty"` 173 } 174 175 func (x *Realm) Reset() { 176 *x = Realm{} 177 if protoimpl.UnsafeEnabled { 178 mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[1] 179 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 180 ms.StoreMessageInfo(mi) 181 } 182 } 183 184 func (x *Realm) String() string { 185 return protoimpl.X.MessageStringOf(x) 186 } 187 188 func (*Realm) ProtoMessage() {} 189 190 func (x *Realm) ProtoReflect() protoreflect.Message { 191 mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[1] 192 if protoimpl.UnsafeEnabled && x != nil { 193 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 194 if ms.LoadMessageInfo() == nil { 195 ms.StoreMessageInfo(mi) 196 } 197 return ms 198 } 199 return mi.MessageOf(x) 200 } 201 202 // Deprecated: Use Realm.ProtoReflect.Descriptor instead. 203 func (*Realm) Descriptor() ([]byte, []int) { 204 return file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescGZIP(), []int{1} 205 } 206 207 func (x *Realm) GetName() string { 208 if x != nil { 209 return x.Name 210 } 211 return "" 212 } 213 214 func (x *Realm) GetExtends() []string { 215 if x != nil { 216 return x.Extends 217 } 218 return nil 219 } 220 221 func (x *Realm) GetBindings() []*Binding { 222 if x != nil { 223 return x.Bindings 224 } 225 return nil 226 } 227 228 func (x *Realm) GetEnforceInService() []string { 229 if x != nil { 230 return x.EnforceInService 231 } 232 return nil 233 } 234 235 // Binding assigns a role to all specified principals. 236 type Binding struct { 237 state protoimpl.MessageState 238 sizeCache protoimpl.SizeCache 239 unknownFields protoimpl.UnknownFields 240 241 // Name of the role to assign. 242 // 243 // Can either be a predefined role (if starts with "role/") or a custom role 244 // (if starts with "customRole/"). See TODO for a list of predefined roles 245 // and their meanings. 246 // 247 // A custom role must be defined somewhere in this realms.cfg file. 248 Role string `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"` 249 // A set of principals to assign the role to. 250 // 251 // Each entry can either be an identity string (like "user:<email>") or a 252 // LUCI group reference "group:<name>". 253 Principals []string `protobuf:"bytes,2,rep,name=principals,proto3" json:"principals,omitempty"` 254 // A list of conditions ANDed together that define when the binding is active. 255 // 256 // If empty, the binding is active all the time. 257 Conditions []*Condition `protobuf:"bytes,3,rep,name=conditions,proto3" json:"conditions,omitempty"` 258 } 259 260 func (x *Binding) Reset() { 261 *x = Binding{} 262 if protoimpl.UnsafeEnabled { 263 mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[2] 264 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 265 ms.StoreMessageInfo(mi) 266 } 267 } 268 269 func (x *Binding) String() string { 270 return protoimpl.X.MessageStringOf(x) 271 } 272 273 func (*Binding) ProtoMessage() {} 274 275 func (x *Binding) ProtoReflect() protoreflect.Message { 276 mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[2] 277 if protoimpl.UnsafeEnabled && x != nil { 278 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 279 if ms.LoadMessageInfo() == nil { 280 ms.StoreMessageInfo(mi) 281 } 282 return ms 283 } 284 return mi.MessageOf(x) 285 } 286 287 // Deprecated: Use Binding.ProtoReflect.Descriptor instead. 288 func (*Binding) Descriptor() ([]byte, []int) { 289 return file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescGZIP(), []int{2} 290 } 291 292 func (x *Binding) GetRole() string { 293 if x != nil { 294 return x.Role 295 } 296 return "" 297 } 298 299 func (x *Binding) GetPrincipals() []string { 300 if x != nil { 301 return x.Principals 302 } 303 return nil 304 } 305 306 func (x *Binding) GetConditions() []*Condition { 307 if x != nil { 308 return x.Conditions 309 } 310 return nil 311 } 312 313 // Condition defines a predicate that takes a set of `attribute = value` pairs 314 // with a context of a particular permission check and returns True if the 315 // binding guarded by this conditions should be respected. 316 // 317 // When a service checks a permission, it passes to the authorization library 318 // a string-valued dictionary of attributes that describes the context of the 319 // permission check. It contains things like the name of the resource being 320 // accessed, or parameters of the incoming RPC request that triggered 321 // the check. 322 // 323 // A list of available attributes and meaning of their values depends on 324 // the permission being checked and is documented in the corresponding service 325 // documentation. 326 type Condition struct { 327 state protoimpl.MessageState 328 sizeCache protoimpl.SizeCache 329 unknownFields protoimpl.UnknownFields 330 331 // Types that are assignable to Op: 332 // 333 // *Condition_Restrict 334 Op isCondition_Op `protobuf_oneof:"op"` 335 } 336 337 func (x *Condition) Reset() { 338 *x = Condition{} 339 if protoimpl.UnsafeEnabled { 340 mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[3] 341 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 342 ms.StoreMessageInfo(mi) 343 } 344 } 345 346 func (x *Condition) String() string { 347 return protoimpl.X.MessageStringOf(x) 348 } 349 350 func (*Condition) ProtoMessage() {} 351 352 func (x *Condition) ProtoReflect() protoreflect.Message { 353 mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[3] 354 if protoimpl.UnsafeEnabled && x != nil { 355 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 356 if ms.LoadMessageInfo() == nil { 357 ms.StoreMessageInfo(mi) 358 } 359 return ms 360 } 361 return mi.MessageOf(x) 362 } 363 364 // Deprecated: Use Condition.ProtoReflect.Descriptor instead. 365 func (*Condition) Descriptor() ([]byte, []int) { 366 return file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescGZIP(), []int{3} 367 } 368 369 func (m *Condition) GetOp() isCondition_Op { 370 if m != nil { 371 return m.Op 372 } 373 return nil 374 } 375 376 func (x *Condition) GetRestrict() *Condition_AttributeRestriction { 377 if x, ok := x.GetOp().(*Condition_Restrict); ok { 378 return x.Restrict 379 } 380 return nil 381 } 382 383 type isCondition_Op interface { 384 isCondition_Op() 385 } 386 387 type Condition_Restrict struct { 388 Restrict *Condition_AttributeRestriction `protobuf:"bytes,1,opt,name=restrict,proto3,oneof"` 389 } 390 391 func (*Condition_Restrict) isCondition_Op() {} 392 393 // Custom role defines a custom named set of permissions. 394 // 395 // Can be used in bindings if predefined roles are too broad or do not map well 396 // to the desired set of permissions. 397 // 398 // Custom roles are scoped to the project (i.e. different projects may have 399 // identically named, but semantically different custom roles). 400 type CustomRole struct { 401 state protoimpl.MessageState 402 sizeCache protoimpl.SizeCache 403 unknownFields protoimpl.UnknownFields 404 405 // Name of this custom role, must start with "customRole/". 406 Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` 407 // Optional list of roles whose permissions will be included in this role. 408 // 409 // Each entry can either be a predefined role (if starts with "role/") or 410 // another custom role defined in this realms.cfg (if starts with 411 // "customRole/"). 412 // 413 // To keep the mental model simple, cycles aren't allowed (i.e. a custom role 414 // is not allowed to directly or indirectly extend itself). The LUCI Config 415 // service will reject realms.cfg that contains cycles during the config 416 // validation phase. 417 Extends []string `protobuf:"bytes,2,rep,name=extends,proto3" json:"extends,omitempty"` 418 // Optional list of permissions to include in the role. 419 // 420 // Each permission is a symbol that has form "<service>.<subject>.<verb>", 421 // which describes some elementary action ("<verb>") that can be done to some 422 // category of resources ("<subject>"), managed by some particular kind of 423 // LUCI service ("<service>"). 424 // 425 // Examples of permissions: 426 // - buildbucket.build.create 427 // - swarming.pool.listBots 428 // - swarming.task.cancel 429 // 430 // See TODO for a list of all possible permissions. 431 Permissions []string `protobuf:"bytes,3,rep,name=permissions,proto3" json:"permissions,omitempty"` 432 } 433 434 func (x *CustomRole) Reset() { 435 *x = CustomRole{} 436 if protoimpl.UnsafeEnabled { 437 mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[4] 438 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 439 ms.StoreMessageInfo(mi) 440 } 441 } 442 443 func (x *CustomRole) String() string { 444 return protoimpl.X.MessageStringOf(x) 445 } 446 447 func (*CustomRole) ProtoMessage() {} 448 449 func (x *CustomRole) ProtoReflect() protoreflect.Message { 450 mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[4] 451 if protoimpl.UnsafeEnabled && x != nil { 452 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 453 if ms.LoadMessageInfo() == nil { 454 ms.StoreMessageInfo(mi) 455 } 456 return ms 457 } 458 return mi.MessageOf(x) 459 } 460 461 // Deprecated: Use CustomRole.ProtoReflect.Descriptor instead. 462 func (*CustomRole) Descriptor() ([]byte, []int) { 463 return file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescGZIP(), []int{4} 464 } 465 466 func (x *CustomRole) GetName() string { 467 if x != nil { 468 return x.Name 469 } 470 return "" 471 } 472 473 func (x *CustomRole) GetExtends() []string { 474 if x != nil { 475 return x.Extends 476 } 477 return nil 478 } 479 480 func (x *CustomRole) GetPermissions() []string { 481 if x != nil { 482 return x.Permissions 483 } 484 return nil 485 } 486 487 // AttributeRestriction checks that the attributes set (as a set of key-value 488 // pairs) contains a particular (attribute, value) pair. Checked values are 489 // given as a list. The check succeeds if ANY of (attribute, value) pairs are 490 // present: `any((attribute, value) in attrs for value in values)`. 491 type Condition_AttributeRestriction struct { 492 state protoimpl.MessageState 493 sizeCache protoimpl.SizeCache 494 unknownFields protoimpl.UnknownFields 495 496 Attribute string `protobuf:"bytes,1,opt,name=attribute,proto3" json:"attribute,omitempty"` 497 Values []string `protobuf:"bytes,2,rep,name=values,proto3" json:"values,omitempty"` 498 } 499 500 func (x *Condition_AttributeRestriction) Reset() { 501 *x = Condition_AttributeRestriction{} 502 if protoimpl.UnsafeEnabled { 503 mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[5] 504 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 505 ms.StoreMessageInfo(mi) 506 } 507 } 508 509 func (x *Condition_AttributeRestriction) String() string { 510 return protoimpl.X.MessageStringOf(x) 511 } 512 513 func (*Condition_AttributeRestriction) ProtoMessage() {} 514 515 func (x *Condition_AttributeRestriction) ProtoReflect() protoreflect.Message { 516 mi := &file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[5] 517 if protoimpl.UnsafeEnabled && x != nil { 518 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 519 if ms.LoadMessageInfo() == nil { 520 ms.StoreMessageInfo(mi) 521 } 522 return ms 523 } 524 return mi.MessageOf(x) 525 } 526 527 // Deprecated: Use Condition_AttributeRestriction.ProtoReflect.Descriptor instead. 528 func (*Condition_AttributeRestriction) Descriptor() ([]byte, []int) { 529 return file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescGZIP(), []int{3, 0} 530 } 531 532 func (x *Condition_AttributeRestriction) GetAttribute() string { 533 if x != nil { 534 return x.Attribute 535 } 536 return "" 537 } 538 539 func (x *Condition_AttributeRestriction) GetValues() []string { 540 if x != nil { 541 return x.Values 542 } 543 return nil 544 } 545 546 var File_go_chromium_org_luci_common_proto_realms_realms_config_proto protoreflect.FileDescriptor 547 548 var file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDesc = []byte{ 549 0x0a, 0x3c, 0x67, 0x6f, 0x2e, 0x63, 0x68, 0x72, 0x6f, 0x6d, 0x69, 0x75, 0x6d, 0x2e, 0x6f, 0x72, 550 0x67, 0x2f, 0x6c, 0x75, 0x63, 0x69, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 551 0x6f, 0x74, 0x6f, 0x2f, 0x72, 0x65, 0x61, 0x6c, 0x6d, 0x73, 0x2f, 0x72, 0x65, 0x61, 0x6c, 0x6d, 552 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0c, 553 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a, 0x2f, 0x67, 0x6f, 554 0x2e, 0x63, 0x68, 0x72, 0x6f, 0x6d, 0x69, 0x75, 0x6d, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x6c, 0x75, 555 0x63, 0x69, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 556 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x75, 0x0a, 557 0x09, 0x52, 0x65, 0x61, 0x6c, 0x6d, 0x73, 0x43, 0x66, 0x67, 0x12, 0x2b, 0x0a, 0x06, 0x72, 0x65, 558 0x61, 0x6c, 0x6d, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x61, 0x75, 0x74, 559 0x68, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x61, 0x6c, 0x6d, 0x52, 560 0x06, 0x72, 0x65, 0x61, 0x6c, 0x6d, 0x73, 0x12, 0x3b, 0x0a, 0x0c, 0x63, 0x75, 0x73, 0x74, 0x6f, 561 0x6d, 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 562 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x75, 0x73, 563 0x74, 0x6f, 0x6d, 0x52, 0x6f, 0x6c, 0x65, 0x52, 0x0b, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x52, 564 0x6f, 0x6c, 0x65, 0x73, 0x22, 0x96, 0x01, 0x0a, 0x05, 0x52, 0x65, 0x61, 0x6c, 0x6d, 0x12, 0x12, 565 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 566 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 567 0x03, 0x28, 0x09, 0x52, 0x07, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x73, 0x12, 0x31, 0x0a, 0x08, 568 0x62, 0x69, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 569 0x2e, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x42, 0x69, 570 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x08, 0x62, 0x69, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x73, 0x12, 571 0x2c, 0x0a, 0x12, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x5f, 0x73, 0x65, 572 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x65, 0x6e, 0x66, 573 0x6f, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x22, 0x76, 0x0a, 574 0x07, 0x42, 0x69, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x6f, 0x6c, 0x65, 575 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 576 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 577 0x52, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x12, 0x37, 0x0a, 0x0a, 578 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 579 0x32, 0x17, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 580 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x64, 0x69, 581 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xab, 0x01, 0x0a, 0x09, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 582 0x69, 0x6f, 0x6e, 0x12, 0x4a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x74, 0x72, 0x69, 0x63, 0x74, 0x18, 583 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, 0x65, 0x72, 584 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x41, 585 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x74, 0x72, 0x69, 0x63, 0x74, 586 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x08, 0x72, 0x65, 0x73, 0x74, 0x72, 0x69, 0x63, 0x74, 0x1a, 587 0x4c, 0x0a, 0x14, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x74, 588 0x72, 0x69, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x74, 0x74, 0x72, 0x69, 589 0x62, 0x75, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x74, 0x74, 0x72, 590 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 591 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x42, 0x04, 0x0a, 592 0x02, 0x6f, 0x70, 0x22, 0x5c, 0x0a, 0x0a, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x52, 0x6f, 0x6c, 593 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 594 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x73, 595 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x73, 0x12, 596 0x20, 0x0a, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 597 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 598 0x73, 0x42, 0x6a, 0xa2, 0xfe, 0x23, 0x35, 0x0a, 0x33, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 599 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x6c, 0x75, 0x63, 0x69, 0x2e, 0x61, 0x70, 0x70, 600 0x2f, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 601 0x73, 0x3a, 0x72, 0x65, 0x61, 0x6c, 0x6d, 0x73, 0x2e, 0x63, 0x66, 0x67, 0x5a, 0x2f, 0x67, 0x6f, 602 0x2e, 0x63, 0x68, 0x72, 0x6f, 0x6d, 0x69, 0x75, 0x6d, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x6c, 0x75, 603 0x63, 0x69, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 604 0x72, 0x65, 0x61, 0x6c, 0x6d, 0x73, 0x3b, 0x72, 0x65, 0x61, 0x6c, 0x6d, 0x73, 0x62, 0x06, 0x70, 605 0x72, 0x6f, 0x74, 0x6f, 0x33, 606 } 607 608 var ( 609 file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescOnce sync.Once 610 file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescData = file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDesc 611 ) 612 613 func file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescGZIP() []byte { 614 file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescOnce.Do(func() { 615 file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescData) 616 }) 617 return file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDescData 618 } 619 620 var file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes = make([]protoimpl.MessageInfo, 6) 621 var file_go_chromium_org_luci_common_proto_realms_realms_config_proto_goTypes = []interface{}{ 622 (*RealmsCfg)(nil), // 0: auth_service.RealmsCfg 623 (*Realm)(nil), // 1: auth_service.Realm 624 (*Binding)(nil), // 2: auth_service.Binding 625 (*Condition)(nil), // 3: auth_service.Condition 626 (*CustomRole)(nil), // 4: auth_service.CustomRole 627 (*Condition_AttributeRestriction)(nil), // 5: auth_service.Condition.AttributeRestriction 628 } 629 var file_go_chromium_org_luci_common_proto_realms_realms_config_proto_depIdxs = []int32{ 630 1, // 0: auth_service.RealmsCfg.realms:type_name -> auth_service.Realm 631 4, // 1: auth_service.RealmsCfg.custom_roles:type_name -> auth_service.CustomRole 632 2, // 2: auth_service.Realm.bindings:type_name -> auth_service.Binding 633 3, // 3: auth_service.Binding.conditions:type_name -> auth_service.Condition 634 5, // 4: auth_service.Condition.restrict:type_name -> auth_service.Condition.AttributeRestriction 635 5, // [5:5] is the sub-list for method output_type 636 5, // [5:5] is the sub-list for method input_type 637 5, // [5:5] is the sub-list for extension type_name 638 5, // [5:5] is the sub-list for extension extendee 639 0, // [0:5] is the sub-list for field type_name 640 } 641 642 func init() { file_go_chromium_org_luci_common_proto_realms_realms_config_proto_init() } 643 func file_go_chromium_org_luci_common_proto_realms_realms_config_proto_init() { 644 if File_go_chromium_org_luci_common_proto_realms_realms_config_proto != nil { 645 return 646 } 647 if !protoimpl.UnsafeEnabled { 648 file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { 649 switch v := v.(*RealmsCfg); i { 650 case 0: 651 return &v.state 652 case 1: 653 return &v.sizeCache 654 case 2: 655 return &v.unknownFields 656 default: 657 return nil 658 } 659 } 660 file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { 661 switch v := v.(*Realm); i { 662 case 0: 663 return &v.state 664 case 1: 665 return &v.sizeCache 666 case 2: 667 return &v.unknownFields 668 default: 669 return nil 670 } 671 } 672 file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { 673 switch v := v.(*Binding); i { 674 case 0: 675 return &v.state 676 case 1: 677 return &v.sizeCache 678 case 2: 679 return &v.unknownFields 680 default: 681 return nil 682 } 683 } 684 file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { 685 switch v := v.(*Condition); i { 686 case 0: 687 return &v.state 688 case 1: 689 return &v.sizeCache 690 case 2: 691 return &v.unknownFields 692 default: 693 return nil 694 } 695 } 696 file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { 697 switch v := v.(*CustomRole); i { 698 case 0: 699 return &v.state 700 case 1: 701 return &v.sizeCache 702 case 2: 703 return &v.unknownFields 704 default: 705 return nil 706 } 707 } 708 file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { 709 switch v := v.(*Condition_AttributeRestriction); i { 710 case 0: 711 return &v.state 712 case 1: 713 return &v.sizeCache 714 case 2: 715 return &v.unknownFields 716 default: 717 return nil 718 } 719 } 720 } 721 file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes[3].OneofWrappers = []interface{}{ 722 (*Condition_Restrict)(nil), 723 } 724 type x struct{} 725 out := protoimpl.TypeBuilder{ 726 File: protoimpl.DescBuilder{ 727 GoPackagePath: reflect.TypeOf(x{}).PkgPath(), 728 RawDescriptor: file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDesc, 729 NumEnums: 0, 730 NumMessages: 6, 731 NumExtensions: 0, 732 NumServices: 0, 733 }, 734 GoTypes: file_go_chromium_org_luci_common_proto_realms_realms_config_proto_goTypes, 735 DependencyIndexes: file_go_chromium_org_luci_common_proto_realms_realms_config_proto_depIdxs, 736 MessageInfos: file_go_chromium_org_luci_common_proto_realms_realms_config_proto_msgTypes, 737 }.Build() 738 File_go_chromium_org_luci_common_proto_realms_realms_config_proto = out.File 739 file_go_chromium_org_luci_common_proto_realms_realms_config_proto_rawDesc = nil 740 file_go_chromium_org_luci_common_proto_realms_realms_config_proto_goTypes = nil 741 file_go_chromium_org_luci_common_proto_realms_realms_config_proto_depIdxs = nil 742 }