go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/tokenserver/api/admin/v1/admin.proto (about) 1 // Copyright 2016 The LUCI Authors. All rights reserved. 2 // Use of this source code is governed under the Apache License, Version 2.0 3 // that can be found in the LICENSE file. 4 5 syntax = "proto3"; 6 7 package tokenserver.admin; 8 9 option go_package = "go.chromium.org/luci/tokenserver/api/admin/v1;admin"; 10 11 import "google/protobuf/empty.proto"; 12 13 import "go.chromium.org/luci/server/auth/delegation/messages/delegation.proto"; 14 import "go.chromium.org/luci/tokenserver/api/machine_token.proto"; 15 16 17 // Admin service is used by service administrators to manage the server. 18 service Admin { 19 // ImportCAConfigs makes the server read 'tokenserver.cfg'. 20 rpc ImportCAConfigs(google.protobuf.Empty) returns (ImportedConfigs); 21 22 // ImportDelegationConfigs makes the server read 'delegation.cfg'. 23 rpc ImportDelegationConfigs(google.protobuf.Empty) returns (ImportedConfigs); 24 25 // ImportProjectIdentityConfigs makes the server read 'projects.cfg'. 26 rpc ImportProjectIdentityConfigs(google.protobuf.Empty) returns (ImportedConfigs); 27 28 // ImportProjectOwnedAccountsConfigs makes the server read 'project_owned_accounts.cfg'. 29 rpc ImportProjectOwnedAccountsConfigs(google.protobuf.Empty) returns (ImportedConfigs); 30 31 // InspectMachineToken decodes a machine token and verifies it is valid. 32 // 33 // It verifies the token was signed by a private key of the token server and 34 // checks token's expiration time and revocation status. 35 // 36 // It tries to give as much information about the token and its status as 37 // possible (e.g. it checks for revocation status even if token is already 38 // expired). 39 // 40 // Administrators can use this call to debug issues with tokens. 41 // 42 // Returns: 43 // InspectMachineTokenResponse for tokens of supported kind. 44 // grpc.InvalidArgument error for unsupported token kind. 45 // grpc.Internal error for transient errors. 46 rpc InspectMachineToken(InspectMachineTokenRequest) returns (InspectMachineTokenResponse); 47 48 // InspectDelegationToken decodes a delegation token and verifies it is valid. 49 // 50 // It verifies the token was signed by a private key of the token server and 51 // checks token's expiration time. 52 // 53 // It tries to give as much information about the token and its status as 54 // possible (e.g. attempts to decode the body even if the signing key has been 55 // rotated already). 56 // 57 // Administrators can use this call to debug issues with tokens. 58 // 59 // Returns: 60 // InspectDelegationTokenResponse for tokens of supported kind. 61 // grpc.InvalidArgument error for unsupported token kind. 62 // grpc.Internal error for transient errors. 63 rpc InspectDelegationToken(InspectDelegationTokenRequest) returns (InspectDelegationTokenResponse); 64 } 65 66 67 // ImportedConfigs is returned by Import<something>Configs methods on success. 68 message ImportedConfigs { 69 // The revision of the configs that are now in the datastore. 70 // 71 // It's either the imported revision, if configs change, or a previously known 72 // revision, if configs at HEAD are same. 73 string revision = 1; 74 } 75 76 77 // InspectMachineTokenRequest is body of InspectMachineToken RPC call. 78 // 79 // It contains machine token of some kind. 80 message InspectMachineTokenRequest { 81 // The type of token being checked. 82 // 83 // Currently only LUCI_MACHINE_TOKEN is supported. This is also the default. 84 tokenserver.MachineTokenType token_type = 1; 85 86 // The token body. Exact meaning depends on token_type. 87 string token = 2; 88 } 89 90 91 // InspectMachineTokenResponse is return value of InspectMachineToken RPC call. 92 message InspectMachineTokenResponse { 93 // True if the token is valid. 94 // 95 // A token is valid if its signature is correct, it hasn't expired yet and 96 // the credentials it was built from (e.g. a certificate) wasn't revoked. 97 bool valid = 1; 98 99 // Human readable summary of why token is invalid. 100 // 101 // Summarizes the rest of the fields of this struct. Set only if 'valid' is 102 // false. 103 string invalidity_reason = 2; 104 105 // True if the token signature was verified. 106 // 107 // It means the token was generated by the token server and its body is not 108 // a garbage. Note that a token can be correctly signed, but invalid (if it 109 // has expired or was revoked). 110 // 111 // If 'signed' is false, the fields below may (or may not) be a garbage. 112 // 113 // The token server uses private keys managed by Google Cloud Platform, they 114 // are constantly being rotated and "old" signatures become invalid over time 115 // (when corresponding keys are rotated out of existence). 116 // 117 // If 'signed' is false, use the rest of the response only as FYI, possibly 118 // invalid or even maliciously constructed. 119 bool signed = 3; 120 121 // True if the token signature was verified and token hasn't expired yet. 122 // 123 // We use "non_" prefix to make default 'false' value safer. 124 bool non_expired = 4; 125 126 // True if the token signature was verified and the token wasn't revoked. 127 // 128 // It is possible for an expired token to be non revoked. They are independent 129 // properties. 130 // 131 // We use "non_" prefix to make default 'false' value safer. 132 bool non_revoked = 5; 133 134 // Id of a private key used to sign this token, if applicable. 135 string signing_key_id = 6; 136 137 // Name of a CA that issued the cert the token is based on, if applicable. 138 // 139 // Resolved from 'ca_id' field of the token body. 140 string cert_ca_name = 7; 141 142 // The decoded token body (depends on token_type request parameter). Empty if 143 // token was malformed and couldn't be deserialized. 144 oneof token_type { 145 tokenserver.MachineTokenBody luci_machine_token = 20; 146 } 147 } 148 149 150 // InspectDelegationTokenRequest is body of InspectDelegationToken RPC call. 151 message InspectDelegationTokenRequest { 152 // The token body. 153 string token = 1; 154 } 155 156 157 // InspectDelegationTokenResponse is return value of InspectDelegationToken RPC. 158 message InspectDelegationTokenResponse { 159 // True if the token is valid. 160 // 161 // A token is valid if its signature is correct and it hasn't expired yet. 162 bool valid = 1; 163 164 // Human readable summary of why token is invalid. 165 // 166 // Summarizes the rest of the fields of this struct. Set only if 'valid' is 167 // false. 168 string invalidity_reason = 2; 169 170 // True if the token signature was verified. 171 // 172 // It means the token was generated by the token server and its body is not 173 // a garbage. Note that a token can be correctly signed, but invalid (if it 174 // has expired). 175 // 176 // If 'signed' is false, the fields below may (or may not) be a garbage. 177 // 178 // The token server uses private keys managed by Google Cloud Platform, they 179 // are constantly being rotated and "old" signatures become invalid over time 180 // (when corresponding keys are rotated out of existence). 181 // 182 // If 'signed' is false, use the rest of the response only as FYI, possibly 183 // invalid or even maliciously constructed. 184 bool signed = 3; 185 186 // True if the token signature was verified and token hasn't expired yet. 187 // 188 // We use "non_" prefix to make default 'false' value safer. 189 bool non_expired = 4; 190 191 // The deserialized token envelope. 192 // 193 // May be empty if token was malformed and couldn't be deserialized. 194 messages.DelegationToken envelope = 5; 195 196 // The deserialized token body (deserialized 'envelope.serialized_subtoken'). 197 // 198 // May be empty if token was malformed and couldn't be deserialized. 199 messages.Subtoken subtoken = 6; 200 }