go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/common/proto/sidecar/auth_grpc.pb.go

// Copyright 2023 The LUCI Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
// - protoc-gen-go-grpc v1.3.0
// - protoc             v3.21.7
// source: go.chromium.org/luci/common/proto/sidecar/auth.proto

package sidecar

import (
	context "context"
	grpc "google.golang.org/grpc"
	codes "google.golang.org/grpc/codes"
	status "google.golang.org/grpc/status"
)

// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
// Requires gRPC-Go v1.32.0 or later.
const _ = grpc.SupportPackageIsVersion7

const (
	Auth_Authenticate_FullMethodName  = "/luci.sidecar.Auth/Authenticate"
	Auth_IsMember_FullMethodName      = "/luci.sidecar.Auth/IsMember"
	Auth_HasPermission_FullMethodName = "/luci.sidecar.Auth/HasPermission"
)

// AuthClient is the client API for Auth service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
type AuthClient interface {
	// Authenticate receives metadata of the incoming call and uses it to
	// authenticate the caller, i.e. it extracts appropriate credentials and
	// verifies they are valid.
	//
	// Optionally checks if the authenticated identity is a member of groups
	// given by `groups` request field, returning groups the identity is a member
	// of in `groups` response field (which will be a subset of groups passed in
	// the request). This is useful for implementing simple broad group-based
	// authorization checks skipping extra RPCs. For more flexible checks see
	// IsMember and HasPermission RPCs.
	//
	// Returns:
	//   - OK if the server understood the request and performed the
	//     authentication. The outcome (which can include an error if credentials
	//     are invalid) is available as part of AuthenticateResponse. OK is
	//     returned as well if the request doesn't have credentials attached at
	//     all or they were invalid. In that case AuthenticateResponse contains
	//     `anonymous` or `error` outcomes respectively.
	//   - UNAUTHENTICATED if the call to the sidecar server itself failed due to
	//     invalid (corrupted, expired, etc) RPC credentials, i.e. credentials of
	//     the sidecar client itself, not credentials inside AuthenticateRequest.
	//     This response MUST be presented as INTERNAL error to the end user,
	//     since it indicates some internal misconfiguration between the
	//     application server and the sidecar service, unrelated to credentials
	//     sent by the end-user.
	//   - PERMISSION_DENIED if the call to the sidecar server itself is not
	//     allowed. This response MUST also be presented as INTERNAL error to
	//     the end user.
	//   - INTERNAL on transient internal errors that SHOULD be retried.
	Authenticate(ctx context.Context, in *AuthenticateRequest, opts ...grpc.CallOption) (*AuthenticateResponse, error)
	// IsMember checks if an identity belongs to any of the given groups.
	//
	// Returns:
	//   - OK with the outcome of the check (which may be negative) if the check
	//     was performed successfully.
	//   - INVALID_ARGUMENT if the request is malformed.
	//   - UNAUTHENTICATED if the call to the sidecar server failed due to invalid
	//     (corrupted, expired, etc) RPC credentials. This response MUST be
	//     presented as INTERNAL error to the end user, since it indicates some
	//     internal misconfiguration between the application server and the
	//     sidecar service.
	//   - PERMISSION_DENIED if the call to the sidecar server itself is not
	//     allowed. This response MUST also be presented as INTERNAL error to
	//     the end user.
	//   - INTERNAL on transient internal errors that SHOULD be retried.
	IsMember(ctx context.Context, in *IsMemberRequest, opts ...grpc.CallOption) (*IsMemberResponse, error)
	// HasPermission check if an identity has a permission in a realm.
	//
	// Can only check permissions registered when the sidecar server was started
	// via `-sidecar-subscribe-to-permission` command line flag. Checks for any
	// other permission will end up with INVALID_ARGUMENT error.
	//
	// Returns:
	//   - OK with the outcome of the check (which may be negative) if the check
	//     was performed successfully.
	//   - INVALID_ARGUMENT if the request is malformed or the specified
	//     permission was not registered with the sidecar server via
	//     `-sidecar-subscribe-to-permission` command line flag.
	//   - UNAUTHENTICATED if the call to the sidecar server failed due to invalid
	//     (corrupted, expired, etc) RPC credentials. This response MUST be
	//     presented as INTERNAL error to the end user, since it indicates some
	//     internal misconfiguration between the application server and the
	//     sidecar service.
	//   - PERMISSION_DENIED if the call to the sidecar server itself is not
	//     allowed. This response MUST also be presented as INTERNAL error to
	//     the end user.
	//   - INTERNAL on transient internal errors that SHOULD be retried.
	HasPermission(ctx context.Context, in *HasPermissionRequest, opts ...grpc.CallOption) (*HasPermissionResponse, error)
}

type authClient struct {
	cc grpc.ClientConnInterface
}

func NewAuthClient(cc grpc.ClientConnInterface) AuthClient {
	return &authClient{cc}
}

func (c *authClient) Authenticate(ctx context.Context, in *AuthenticateRequest, opts ...grpc.CallOption) (*AuthenticateResponse, error) {
	out := new(AuthenticateResponse)
	err := c.cc.Invoke(ctx, Auth_Authenticate_FullMethodName, in, out, opts...)
	if err != nil {
		return nil, err
	}
	return out, nil
}

func (c *authClient) IsMember(ctx context.Context, in *IsMemberRequest, opts ...grpc.CallOption) (*IsMemberResponse, error) {
	out := new(IsMemberResponse)
	err := c.cc.Invoke(ctx, Auth_IsMember_FullMethodName, in, out, opts...)
	if err != nil {
		return nil, err
	}
	return out, nil
}

func (c *authClient) HasPermission(ctx context.Context, in *HasPermissionRequest, opts ...grpc.CallOption) (*HasPermissionResponse, error) {
	out := new(HasPermissionResponse)
	err := c.cc.Invoke(ctx, Auth_HasPermission_FullMethodName, in, out, opts...)
	if err != nil {
		return nil, err
	}
	return out, nil
}

// AuthServer is the server API for Auth service.
// All implementations must embed UnimplementedAuthServer
// for forward compatibility
type AuthServer interface {
	// Authenticate receives metadata of the incoming call and uses it to
	// authenticate the caller, i.e. it extracts appropriate credentials and
	// verifies they are valid.
	//
	// Optionally checks if the authenticated identity is a member of groups
	// given by `groups` request field, returning groups the identity is a member
	// of in `groups` response field (which will be a subset of groups passed in
	// the request). This is useful for implementing simple broad group-based
	// authorization checks skipping extra RPCs. For more flexible checks see
	// IsMember and HasPermission RPCs.
	//
	// Returns:
	//   - OK if the server understood the request and performed the
	//     authentication. The outcome (which can include an error if credentials
	//     are invalid) is available as part of AuthenticateResponse. OK is
	//     returned as well if the request doesn't have credentials attached at
	//     all or they were invalid. In that case AuthenticateResponse contains
	//     `anonymous` or `error` outcomes respectively.
	//   - UNAUTHENTICATED if the call to the sidecar server itself failed due to
	//     invalid (corrupted, expired, etc) RPC credentials, i.e. credentials of
	//     the sidecar client itself, not credentials inside AuthenticateRequest.
	//     This response MUST be presented as INTERNAL error to the end user,
	//     since it indicates some internal misconfiguration between the
	//     application server and the sidecar service, unrelated to credentials
	//     sent by the end-user.
	//   - PERMISSION_DENIED if the call to the sidecar server itself is not
	//     allowed. This response MUST also be presented as INTERNAL error to
	//     the end user.
	//   - INTERNAL on transient internal errors that SHOULD be retried.
	Authenticate(context.Context, *AuthenticateRequest) (*AuthenticateResponse, error)
	// IsMember checks if an identity belongs to any of the given groups.
	//
	// Returns:
	//   - OK with the outcome of the check (which may be negative) if the check
	//     was performed successfully.
	//   - INVALID_ARGUMENT if the request is malformed.
	//   - UNAUTHENTICATED if the call to the sidecar server failed due to invalid
	//     (corrupted, expired, etc) RPC credentials. This response MUST be
	//     presented as INTERNAL error to the end user, since it indicates some
	//     internal misconfiguration between the application server and the
	//     sidecar service.
	//   - PERMISSION_DENIED if the call to the sidecar server itself is not
	//     allowed. This response MUST also be presented as INTERNAL error to
	//     the end user.
	//   - INTERNAL on transient internal errors that SHOULD be retried.
	IsMember(context.Context, *IsMemberRequest) (*IsMemberResponse, error)
	// HasPermission check if an identity has a permission in a realm.
	//
	// Can only check permissions registered when the sidecar server was started
	// via `-sidecar-subscribe-to-permission` command line flag. Checks for any
	// other permission will end up with INVALID_ARGUMENT error.
	//
	// Returns:
	//   - OK with the outcome of the check (which may be negative) if the check
	//     was performed successfully.
	//   - INVALID_ARGUMENT if the request is malformed or the specified
	//     permission was not registered with the sidecar server via
	//     `-sidecar-subscribe-to-permission` command line flag.
	//   - UNAUTHENTICATED if the call to the sidecar server failed due to invalid
	//     (corrupted, expired, etc) RPC credentials. This response MUST be
	//     presented as INTERNAL error to the end user, since it indicates some
	//     internal misconfiguration between the application server and the
	//     sidecar service.
	//   - PERMISSION_DENIED if the call to the sidecar server itself is not
	//     allowed. This response MUST also be presented as INTERNAL error to
	//     the end user.
	//   - INTERNAL on transient internal errors that SHOULD be retried.
	HasPermission(context.Context, *HasPermissionRequest) (*HasPermissionResponse, error)
	mustEmbedUnimplementedAuthServer()
}

// UnimplementedAuthServer must be embedded to have forward compatible implementations.
type UnimplementedAuthServer struct {
}

func (UnimplementedAuthServer) Authenticate(context.Context, *AuthenticateRequest) (*AuthenticateResponse, error) {
	return nil, status.Errorf(codes.Unimplemented, "method Authenticate not implemented")
}
func (UnimplementedAuthServer) IsMember(context.Context, *IsMemberRequest) (*IsMemberResponse, error) {
	return nil, status.Errorf(codes.Unimplemented, "method IsMember not implemented")
}
func (UnimplementedAuthServer) HasPermission(context.Context, *HasPermissionRequest) (*HasPermissionResponse, error) {
	return nil, status.Errorf(codes.Unimplemented, "method HasPermission not implemented")
}
func (UnimplementedAuthServer) mustEmbedUnimplementedAuthServer() {}

// UnsafeAuthServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to AuthServer will
// result in compilation errors.
type UnsafeAuthServer interface {
	mustEmbedUnimplementedAuthServer()
}

func RegisterAuthServer(s grpc.ServiceRegistrar, srv AuthServer) {
	s.RegisterService(&Auth_ServiceDesc, srv)
}

func _Auth_Authenticate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
	in := new(AuthenticateRequest)
	if err := dec(in); err != nil {
		return nil, err
	}
	if interceptor == nil {
		return srv.(AuthServer).Authenticate(ctx, in)
	}
	info := &grpc.UnaryServerInfo{
		Server:     srv,
		FullMethod: Auth_Authenticate_FullMethodName,
	}
	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
		return srv.(AuthServer).Authenticate(ctx, req.(*AuthenticateRequest))
	}
	return interceptor(ctx, in, info, handler)
}

func _Auth_IsMember_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
	in := new(IsMemberRequest)
	if err := dec(in); err != nil {
		return nil, err
	}
	if interceptor == nil {
		return srv.(AuthServer).IsMember(ctx, in)
	}
	info := &grpc.UnaryServerInfo{
		Server:     srv,
		FullMethod: Auth_IsMember_FullMethodName,
	}
	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
		return srv.(AuthServer).IsMember(ctx, req.(*IsMemberRequest))
	}
	return interceptor(ctx, in, info, handler)
}

func _Auth_HasPermission_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
	in := new(HasPermissionRequest)
	if err := dec(in); err != nil {
		return nil, err
	}
	if interceptor == nil {
		return srv.(AuthServer).HasPermission(ctx, in)
	}
	info := &grpc.UnaryServerInfo{
		Server:     srv,
		FullMethod: Auth_HasPermission_FullMethodName,
	}
	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
		return srv.(AuthServer).HasPermission(ctx, req.(*HasPermissionRequest))
	}
	return interceptor(ctx, in, info, handler)
}

// Auth_ServiceDesc is the grpc.ServiceDesc for Auth service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
var Auth_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "luci.sidecar.Auth",
	HandlerType: (*AuthServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "Authenticate",
			Handler:    _Auth_Authenticate_Handler,
		},
		{
			MethodName: "IsMember",
			Handler:    _Auth_IsMember_Handler,
		},
		{
			MethodName: "HasPermission",
			Handler:    _Auth_HasPermission_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "go.chromium.org/luci/common/proto/sidecar/auth.proto",
}