go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/tokenserver/api/admin/v1/config.pb.go (about) 1 // Copyright 2016 The LUCI Authors. All rights reserved. 2 // Use of this source code is governed under the Apache License, Version 2.0 3 // that can be found in the LICENSE file. 4 5 // Code generated by protoc-gen-go. DO NOT EDIT. 6 // versions: 7 // protoc-gen-go v1.31.0 8 // protoc v3.21.7 9 // source: go.chromium.org/luci/tokenserver/api/admin/v1/config.proto 10 11 package admin 12 13 import ( 14 protoreflect "google.golang.org/protobuf/reflect/protoreflect" 15 protoimpl "google.golang.org/protobuf/runtime/protoimpl" 16 reflect "reflect" 17 sync "sync" 18 ) 19 20 const ( 21 // Verify that this generated code is sufficiently up-to-date. 22 _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) 23 // Verify that runtime/protoimpl is sufficiently up-to-date. 24 _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) 25 ) 26 27 // TokenServerConfig is read from tokenserver.cfg in luci-config. 28 type TokenServerConfig struct { 29 state protoimpl.MessageState 30 sizeCache protoimpl.SizeCache 31 unknownFields protoimpl.UnknownFields 32 33 // List of CAs we trust. 34 CertificateAuthority []*CertificateAuthorityConfig `protobuf:"bytes,1,rep,name=certificate_authority,json=certificateAuthority,proto3" json:"certificate_authority,omitempty"` 35 } 36 37 func (x *TokenServerConfig) Reset() { 38 *x = TokenServerConfig{} 39 if protoimpl.UnsafeEnabled { 40 mi := &file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[0] 41 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 42 ms.StoreMessageInfo(mi) 43 } 44 } 45 46 func (x *TokenServerConfig) String() string { 47 return protoimpl.X.MessageStringOf(x) 48 } 49 50 func (*TokenServerConfig) ProtoMessage() {} 51 52 func (x *TokenServerConfig) ProtoReflect() protoreflect.Message { 53 mi := &file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[0] 54 if protoimpl.UnsafeEnabled && x != nil { 55 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 56 if ms.LoadMessageInfo() == nil { 57 ms.StoreMessageInfo(mi) 58 } 59 return ms 60 } 61 return mi.MessageOf(x) 62 } 63 64 // Deprecated: Use TokenServerConfig.ProtoReflect.Descriptor instead. 65 func (*TokenServerConfig) Descriptor() ([]byte, []int) { 66 return file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDescGZIP(), []int{0} 67 } 68 69 func (x *TokenServerConfig) GetCertificateAuthority() []*CertificateAuthorityConfig { 70 if x != nil { 71 return x.CertificateAuthority 72 } 73 return nil 74 } 75 76 // CertificateAuthorityConfig defines a single CA we trust. 77 // 78 // Such CA issues certificates for nodes that use The Token Service. Each node 79 // has a private key and certificate with Common Name set to the FQDN of this 80 // node, e.g. "CN=slave43-c1.c.chromecompute.google.com.internal". 81 // 82 // The Token Server uses this CN to derive an identity string for a machine. It 83 // splits FQDN into a hostname ("slave43-c1") and a domain name 84 // ("c.chromecompute.google.com.internal"), searches for a domain name in 85 // "known_domains" set, and, if it is present, uses parameters described there 86 // for generating a token that contains machine's FQDN and certificate serial 87 // number (among other things, see MachineTokenBody in machine_token.proto). 88 type CertificateAuthorityConfig struct { 89 state protoimpl.MessageState 90 sizeCache protoimpl.SizeCache 91 unknownFields protoimpl.UnknownFields 92 93 UniqueId int64 `protobuf:"varint,6,opt,name=unique_id,json=uniqueId,proto3" json:"unique_id,omitempty"` // ID of this CA, will be embedded into tokens. 94 Cn string `protobuf:"bytes,1,opt,name=cn,proto3" json:"cn,omitempty"` // CA Common Name, must match Subject CN in the cert 95 CertPath string `protobuf:"bytes,2,opt,name=cert_path,json=certPath,proto3" json:"cert_path,omitempty"` // path to the root certificate file in luci-config 96 CrlUrl string `protobuf:"bytes,3,opt,name=crl_url,json=crlUrl,proto3" json:"crl_url,omitempty"` // where to fetch CRL from 97 UseOauth bool `protobuf:"varint,4,opt,name=use_oauth,json=useOauth,proto3" json:"use_oauth,omitempty"` // true to send Authorization header when fetching CRL 98 OauthScopes []string `protobuf:"bytes,7,rep,name=oauth_scopes,json=oauthScopes,proto3" json:"oauth_scopes,omitempty"` // OAuth scopes to use when fetching CRL 99 // KnownDomains describes parameters to use for each particular domain. 100 KnownDomains []*DomainConfig `protobuf:"bytes,5,rep,name=known_domains,json=knownDomains,proto3" json:"known_domains,omitempty"` 101 } 102 103 func (x *CertificateAuthorityConfig) Reset() { 104 *x = CertificateAuthorityConfig{} 105 if protoimpl.UnsafeEnabled { 106 mi := &file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[1] 107 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 108 ms.StoreMessageInfo(mi) 109 } 110 } 111 112 func (x *CertificateAuthorityConfig) String() string { 113 return protoimpl.X.MessageStringOf(x) 114 } 115 116 func (*CertificateAuthorityConfig) ProtoMessage() {} 117 118 func (x *CertificateAuthorityConfig) ProtoReflect() protoreflect.Message { 119 mi := &file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[1] 120 if protoimpl.UnsafeEnabled && x != nil { 121 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 122 if ms.LoadMessageInfo() == nil { 123 ms.StoreMessageInfo(mi) 124 } 125 return ms 126 } 127 return mi.MessageOf(x) 128 } 129 130 // Deprecated: Use CertificateAuthorityConfig.ProtoReflect.Descriptor instead. 131 func (*CertificateAuthorityConfig) Descriptor() ([]byte, []int) { 132 return file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDescGZIP(), []int{1} 133 } 134 135 func (x *CertificateAuthorityConfig) GetUniqueId() int64 { 136 if x != nil { 137 return x.UniqueId 138 } 139 return 0 140 } 141 142 func (x *CertificateAuthorityConfig) GetCn() string { 143 if x != nil { 144 return x.Cn 145 } 146 return "" 147 } 148 149 func (x *CertificateAuthorityConfig) GetCertPath() string { 150 if x != nil { 151 return x.CertPath 152 } 153 return "" 154 } 155 156 func (x *CertificateAuthorityConfig) GetCrlUrl() string { 157 if x != nil { 158 return x.CrlUrl 159 } 160 return "" 161 } 162 163 func (x *CertificateAuthorityConfig) GetUseOauth() bool { 164 if x != nil { 165 return x.UseOauth 166 } 167 return false 168 } 169 170 func (x *CertificateAuthorityConfig) GetOauthScopes() []string { 171 if x != nil { 172 return x.OauthScopes 173 } 174 return nil 175 } 176 177 func (x *CertificateAuthorityConfig) GetKnownDomains() []*DomainConfig { 178 if x != nil { 179 return x.KnownDomains 180 } 181 return nil 182 } 183 184 // DomainConfig is used inside CertificateAuthorityConfig. 185 type DomainConfig struct { 186 state protoimpl.MessageState 187 sizeCache protoimpl.SizeCache 188 unknownFields protoimpl.UnknownFields 189 190 // Domain is domain names of hosts this config applies to. 191 // 192 // Machines that reside in a subdomain of given domain are also considered 193 // part of it, e.g. both FQDNs "host.example.com" and "host.abc.example.com" 194 // match domain "example.com". 195 Domain []string `protobuf:"bytes,1,rep,name=domain,proto3" json:"domain,omitempty"` 196 // MachineTokenLifetime is how long generated machine tokens live, in seconds. 197 // 198 // If 0, machine tokens are not allowed. 199 MachineTokenLifetime int64 `protobuf:"varint,5,opt,name=machine_token_lifetime,json=machineTokenLifetime,proto3" json:"machine_token_lifetime,omitempty"` 200 } 201 202 func (x *DomainConfig) Reset() { 203 *x = DomainConfig{} 204 if protoimpl.UnsafeEnabled { 205 mi := &file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[2] 206 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 207 ms.StoreMessageInfo(mi) 208 } 209 } 210 211 func (x *DomainConfig) String() string { 212 return protoimpl.X.MessageStringOf(x) 213 } 214 215 func (*DomainConfig) ProtoMessage() {} 216 217 func (x *DomainConfig) ProtoReflect() protoreflect.Message { 218 mi := &file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[2] 219 if protoimpl.UnsafeEnabled && x != nil { 220 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 221 if ms.LoadMessageInfo() == nil { 222 ms.StoreMessageInfo(mi) 223 } 224 return ms 225 } 226 return mi.MessageOf(x) 227 } 228 229 // Deprecated: Use DomainConfig.ProtoReflect.Descriptor instead. 230 func (*DomainConfig) Descriptor() ([]byte, []int) { 231 return file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDescGZIP(), []int{2} 232 } 233 234 func (x *DomainConfig) GetDomain() []string { 235 if x != nil { 236 return x.Domain 237 } 238 return nil 239 } 240 241 func (x *DomainConfig) GetMachineTokenLifetime() int64 { 242 if x != nil { 243 return x.MachineTokenLifetime 244 } 245 return 0 246 } 247 248 // DelegationPermissions is read from delegation.cfg in luci-config. 249 type DelegationPermissions struct { 250 state protoimpl.MessageState 251 sizeCache protoimpl.SizeCache 252 unknownFields protoimpl.UnknownFields 253 254 // Rules specify what calls to MintDelegationToken are allowed. 255 // 256 // Rules are evaluated independently. One and only one rule should match the 257 // request to allow the operation. If none rules or more than one rule match, 258 // the request will be denied. 259 // 260 // See DelegationRule comments for more details. 261 Rules []*DelegationRule `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"` 262 } 263 264 func (x *DelegationPermissions) Reset() { 265 *x = DelegationPermissions{} 266 if protoimpl.UnsafeEnabled { 267 mi := &file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[3] 268 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 269 ms.StoreMessageInfo(mi) 270 } 271 } 272 273 func (x *DelegationPermissions) String() string { 274 return protoimpl.X.MessageStringOf(x) 275 } 276 277 func (*DelegationPermissions) ProtoMessage() {} 278 279 func (x *DelegationPermissions) ProtoReflect() protoreflect.Message { 280 mi := &file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[3] 281 if protoimpl.UnsafeEnabled && x != nil { 282 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 283 if ms.LoadMessageInfo() == nil { 284 ms.StoreMessageInfo(mi) 285 } 286 return ms 287 } 288 return mi.MessageOf(x) 289 } 290 291 // Deprecated: Use DelegationPermissions.ProtoReflect.Descriptor instead. 292 func (*DelegationPermissions) Descriptor() ([]byte, []int) { 293 return file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDescGZIP(), []int{3} 294 } 295 296 func (x *DelegationPermissions) GetRules() []*DelegationRule { 297 if x != nil { 298 return x.Rules 299 } 300 return nil 301 } 302 303 // DelegationRule describes a single allowed case of using delegation tokens. 304 // 305 // An incoming MintDelegationTokenRequest is basically a tuple of: 306 // - 'requestor_id' - an identity of whoever makes the request. 307 // - 'delegated_identity' - an identity to delegate. 308 // - 'audience' - a set of identities that will be able to use the token. 309 // - 'services' - a set of services that should accept the token. 310 // 311 // A request matches a rule iff: 312 // - 'requestor_id' is in 'requestor' set. 313 // - 'delegated_identity' is in 'allowed_to_impersonate' set. 314 // - 'audience' is a subset of 'allowed_audience' set. 315 // - 'services' is a subset of 'target_service' set. 316 // 317 // The presence of a matching rule permits to mint the token. The rule also 318 // provides an upper bound on allowed validity_duration, and the rule's name 319 // is logged in the audit trail. 320 type DelegationRule struct { 321 state protoimpl.MessageState 322 sizeCache protoimpl.SizeCache 323 unknownFields protoimpl.UnknownFields 324 325 // A descriptive name of this rule, for the audit log. 326 Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` 327 // Email of developers that own this rule, to know who to contact. 328 Owner []string `protobuf:"bytes,2,rep,name=owner,proto3" json:"owner,omitempty"` 329 // A set of callers to which this rule applies. 330 // 331 // Matched against verified credentials of a caller of MintDelegationToken. 332 // 333 // Each element is either: 334 // - An identity string ("user:<email>"). 335 // - A group reference ("group:<name>"). 336 // 337 // The groups specified here are expanded when MintDelegationTokenRequest is 338 // evaluated. 339 Requestor []string `protobuf:"bytes,3,rep,name=requestor,proto3" json:"requestor,omitempty"` 340 // Identities that are allowed to be delegated/impersonated by the requestor. 341 // 342 // Matched against 'delegated_identity' field of MintDelegationTokenRequest. 343 // 344 // Each element is either: 345 // - An identity string ("user:<email>"). 346 // - A group reference ("group:<name>"). 347 // - A special identifier "REQUESTOR" that is substituted by the requestor 348 // identity when evaluating the rule. 349 // 350 // "REQUESTOR" allows one to generate tokens that delegate their own identity 351 // to some target audience. 352 // 353 // The groups specified here are expanded when MintDelegationTokenRequest is 354 // evaluated. 355 AllowedToImpersonate []string `protobuf:"bytes,4,rep,name=allowed_to_impersonate,json=allowedToImpersonate,proto3" json:"allowed_to_impersonate,omitempty"` 356 // A set of identities that should be able to use the new token. 357 // 358 // Matched against 'audience' field of MintDelegationTokenRequest. 359 // 360 // Each element is either: 361 // - An identity string ("user:<email>"). 362 // - A group reference ("group:<name>"). 363 // - A special identifier "REQUESTOR" that is substituted by the requestor 364 // identity when evaluating the rule. 365 // - A special token "*" that means "any bearer can use the new token, 366 // including anonymous". 367 // 368 // "REQUESTOR" is typically used here for rules that allow requestors to 369 // impersonate someone else. The corresponding tokens have the requestor as 370 // the only allowed audience. 371 // 372 // The groups specified here are NOT expanded when MintDelegationTokenRequest 373 // is evaluated. To match the rule, MintDelegationTokenRequest must specify 374 // subset of 'allowed_audience' groups explicitly in 'audience' field. 375 AllowedAudience []string `protobuf:"bytes,5,rep,name=allowed_audience,json=allowedAudience,proto3" json:"allowed_audience,omitempty"` 376 // A set of services that should be able to accept the new token. 377 // 378 // Matched against 'services' field of MintDelegationTokenRequest. 379 // 380 // Each element is either: 381 // - A service identity string ("service:<id>"). 382 // - A special token "*" that mean "any LUCI service should accept the 383 // token". 384 TargetService []string `protobuf:"bytes,6,rep,name=target_service,json=targetService,proto3" json:"target_service,omitempty"` 385 // Maximum allowed validity duration (sec) of minted delegation tokens. 386 // 387 // Default is 12 hours. 388 MaxValidityDuration int64 `protobuf:"varint,7,opt,name=max_validity_duration,json=maxValidityDuration,proto3" json:"max_validity_duration,omitempty"` 389 } 390 391 func (x *DelegationRule) Reset() { 392 *x = DelegationRule{} 393 if protoimpl.UnsafeEnabled { 394 mi := &file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[4] 395 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 396 ms.StoreMessageInfo(mi) 397 } 398 } 399 400 func (x *DelegationRule) String() string { 401 return protoimpl.X.MessageStringOf(x) 402 } 403 404 func (*DelegationRule) ProtoMessage() {} 405 406 func (x *DelegationRule) ProtoReflect() protoreflect.Message { 407 mi := &file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[4] 408 if protoimpl.UnsafeEnabled && x != nil { 409 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 410 if ms.LoadMessageInfo() == nil { 411 ms.StoreMessageInfo(mi) 412 } 413 return ms 414 } 415 return mi.MessageOf(x) 416 } 417 418 // Deprecated: Use DelegationRule.ProtoReflect.Descriptor instead. 419 func (*DelegationRule) Descriptor() ([]byte, []int) { 420 return file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDescGZIP(), []int{4} 421 } 422 423 func (x *DelegationRule) GetName() string { 424 if x != nil { 425 return x.Name 426 } 427 return "" 428 } 429 430 func (x *DelegationRule) GetOwner() []string { 431 if x != nil { 432 return x.Owner 433 } 434 return nil 435 } 436 437 func (x *DelegationRule) GetRequestor() []string { 438 if x != nil { 439 return x.Requestor 440 } 441 return nil 442 } 443 444 func (x *DelegationRule) GetAllowedToImpersonate() []string { 445 if x != nil { 446 return x.AllowedToImpersonate 447 } 448 return nil 449 } 450 451 func (x *DelegationRule) GetAllowedAudience() []string { 452 if x != nil { 453 return x.AllowedAudience 454 } 455 return nil 456 } 457 458 func (x *DelegationRule) GetTargetService() []string { 459 if x != nil { 460 return x.TargetService 461 } 462 return nil 463 } 464 465 func (x *DelegationRule) GetMaxValidityDuration() int64 { 466 if x != nil { 467 return x.MaxValidityDuration 468 } 469 return 0 470 } 471 472 // ServiceAccountsProjectMapping defines what service accounts belong to what 473 // LUCI projects. 474 // 475 // Used by MintServiceAccountToken RPC as a final authorization step, after 476 // checking that the usage of the service account is allowed by Realms ACLs. 477 // 478 // This is a stop gap solution until the Token Server learns to use 479 // project-scoped accounts when calling Cloud IAM. Once this happens, we can 480 // move information contained in ServiceAccountsProjectMapping into Cloud IAM 481 // permissions. 482 // 483 // This message is stored as project_owned_accounts.cfg in luci-config. 484 type ServiceAccountsProjectMapping struct { 485 state protoimpl.MessageState 486 sizeCache protoimpl.SizeCache 487 unknownFields protoimpl.UnknownFields 488 489 // Each entry maps a bunch of service accounts to one or more projects. 490 Mapping []*ServiceAccountsProjectMapping_Mapping `protobuf:"bytes,1,rep,name=mapping,proto3" json:"mapping,omitempty"` 491 // A list of LUCI project names for which service account impersonation should 492 // be done using LUCI project-scoped account as a delegate. This allows to 493 // move "LUCI project => allowed service account" mapping into IAM policies, 494 // making `mapping` above obsolete. 495 // 496 // If a LUCI project belongs to this list, it must not have any entries in 497 // the `mapping` field above. 498 UseProjectScopedAccount []string `protobuf:"bytes,2,rep,name=use_project_scoped_account,json=useProjectScopedAccount,proto3" json:"use_project_scoped_account,omitempty"` 499 } 500 501 func (x *ServiceAccountsProjectMapping) Reset() { 502 *x = ServiceAccountsProjectMapping{} 503 if protoimpl.UnsafeEnabled { 504 mi := &file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[5] 505 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 506 ms.StoreMessageInfo(mi) 507 } 508 } 509 510 func (x *ServiceAccountsProjectMapping) String() string { 511 return protoimpl.X.MessageStringOf(x) 512 } 513 514 func (*ServiceAccountsProjectMapping) ProtoMessage() {} 515 516 func (x *ServiceAccountsProjectMapping) ProtoReflect() protoreflect.Message { 517 mi := &file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[5] 518 if protoimpl.UnsafeEnabled && x != nil { 519 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 520 if ms.LoadMessageInfo() == nil { 521 ms.StoreMessageInfo(mi) 522 } 523 return ms 524 } 525 return mi.MessageOf(x) 526 } 527 528 // Deprecated: Use ServiceAccountsProjectMapping.ProtoReflect.Descriptor instead. 529 func (*ServiceAccountsProjectMapping) Descriptor() ([]byte, []int) { 530 return file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDescGZIP(), []int{5} 531 } 532 533 func (x *ServiceAccountsProjectMapping) GetMapping() []*ServiceAccountsProjectMapping_Mapping { 534 if x != nil { 535 return x.Mapping 536 } 537 return nil 538 } 539 540 func (x *ServiceAccountsProjectMapping) GetUseProjectScopedAccount() []string { 541 if x != nil { 542 return x.UseProjectScopedAccount 543 } 544 return nil 545 } 546 547 type ServiceAccountsProjectMapping_Mapping struct { 548 state protoimpl.MessageState 549 sizeCache protoimpl.SizeCache 550 unknownFields protoimpl.UnknownFields 551 552 // Names of LUCI projects. 553 Project []string `protobuf:"bytes,1,rep,name=project,proto3" json:"project,omitempty"` 554 // Emails of service accounts allowed to be used by all these projects. 555 ServiceAccount []string `protobuf:"bytes,2,rep,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"` 556 } 557 558 func (x *ServiceAccountsProjectMapping_Mapping) Reset() { 559 *x = ServiceAccountsProjectMapping_Mapping{} 560 if protoimpl.UnsafeEnabled { 561 mi := &file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[6] 562 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 563 ms.StoreMessageInfo(mi) 564 } 565 } 566 567 func (x *ServiceAccountsProjectMapping_Mapping) String() string { 568 return protoimpl.X.MessageStringOf(x) 569 } 570 571 func (*ServiceAccountsProjectMapping_Mapping) ProtoMessage() {} 572 573 func (x *ServiceAccountsProjectMapping_Mapping) ProtoReflect() protoreflect.Message { 574 mi := &file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[6] 575 if protoimpl.UnsafeEnabled && x != nil { 576 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 577 if ms.LoadMessageInfo() == nil { 578 ms.StoreMessageInfo(mi) 579 } 580 return ms 581 } 582 return mi.MessageOf(x) 583 } 584 585 // Deprecated: Use ServiceAccountsProjectMapping_Mapping.ProtoReflect.Descriptor instead. 586 func (*ServiceAccountsProjectMapping_Mapping) Descriptor() ([]byte, []int) { 587 return file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDescGZIP(), []int{5, 0} 588 } 589 590 func (x *ServiceAccountsProjectMapping_Mapping) GetProject() []string { 591 if x != nil { 592 return x.Project 593 } 594 return nil 595 } 596 597 func (x *ServiceAccountsProjectMapping_Mapping) GetServiceAccount() []string { 598 if x != nil { 599 return x.ServiceAccount 600 } 601 return nil 602 } 603 604 var File_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto protoreflect.FileDescriptor 605 606 var file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDesc = []byte{ 607 0x0a, 0x3a, 0x67, 0x6f, 0x2e, 0x63, 0x68, 0x72, 0x6f, 0x6d, 0x69, 0x75, 0x6d, 0x2e, 0x6f, 0x72, 608 0x67, 0x2f, 0x6c, 0x75, 0x63, 0x69, 0x2f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x65, 0x72, 0x76, 609 0x65, 0x72, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2f, 0x76, 0x31, 0x2f, 610 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11, 0x74, 0x6f, 611 0x6b, 0x65, 0x6e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x22, 612 0x77, 0x0a, 0x11, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x6f, 613 0x6e, 0x66, 0x69, 0x67, 0x12, 0x62, 0x0a, 0x15, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 614 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 615 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x65, 0x72, 0x76, 0x65, 616 0x72, 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 617 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x43, 0x6f, 0x6e, 0x66, 618 0x69, 0x67, 0x52, 0x14, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 619 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, 0x85, 0x02, 0x0a, 0x1a, 0x43, 0x65, 0x72, 620 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 621 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1b, 0x0a, 0x09, 0x75, 0x6e, 0x69, 0x71, 0x75, 622 0x65, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x75, 0x6e, 0x69, 0x71, 623 0x75, 0x65, 0x49, 0x64, 0x12, 0x0e, 0x0a, 0x02, 0x63, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 624 0x52, 0x02, 0x63, 0x6e, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x70, 0x61, 0x74, 625 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x65, 0x72, 0x74, 0x50, 0x61, 0x74, 626 0x68, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x72, 0x6c, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 627 0x28, 0x09, 0x52, 0x06, 0x63, 0x72, 0x6c, 0x55, 0x72, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x75, 0x73, 628 0x65, 0x5f, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x75, 629 0x73, 0x65, 0x4f, 0x61, 0x75, 0x74, 0x68, 0x12, 0x21, 0x0a, 0x0c, 0x6f, 0x61, 0x75, 0x74, 0x68, 630 0x5f, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x6f, 631 0x61, 0x75, 0x74, 0x68, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12, 0x44, 0x0a, 0x0d, 0x6b, 0x6e, 632 0x6f, 0x77, 0x6e, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 633 0x0b, 0x32, 0x1f, 0x2e, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 634 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 635 0x69, 0x67, 0x52, 0x0c, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 636 0x22, 0x74, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 637 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 638 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x34, 0x0a, 0x16, 0x6d, 0x61, 0x63, 0x68, 639 0x69, 0x6e, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x6c, 0x69, 0x66, 0x65, 0x74, 0x69, 640 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x14, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 641 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x4c, 0x69, 0x66, 0x65, 0x74, 0x69, 0x6d, 0x65, 0x4a, 0x04, 642 0x08, 0x02, 0x10, 0x03, 0x4a, 0x04, 0x08, 0x03, 0x10, 0x04, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 643 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x22, 0x50, 0x0a, 0x15, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 644 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 645 0x37, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 646 0x2e, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x61, 0x64, 0x6d, 647 0x69, 0x6e, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x75, 0x6c, 648 0x65, 0x52, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x22, 0x94, 0x02, 0x0a, 0x0e, 0x44, 0x65, 0x6c, 649 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 650 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 651 0x14, 0x0a, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 652 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 653 0x6f, 0x72, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 654 0x74, 0x6f, 0x72, 0x12, 0x34, 0x0a, 0x16, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x74, 655 0x6f, 0x5f, 0x69, 0x6d, 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 656 0x03, 0x28, 0x09, 0x52, 0x14, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x54, 0x6f, 0x49, 0x6d, 657 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x74, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x61, 0x6c, 0x6c, 658 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x61, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x05, 0x20, 659 0x03, 0x28, 0x09, 0x52, 0x0f, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x41, 0x75, 0x64, 0x69, 660 0x65, 0x6e, 0x63, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x73, 661 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x74, 0x61, 662 0x72, 0x67, 0x65, 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x32, 0x0a, 0x15, 0x6d, 663 0x61, 0x78, 0x5f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x69, 0x74, 0x79, 0x5f, 0x64, 0x75, 0x72, 0x61, 664 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x13, 0x6d, 0x61, 0x78, 0x56, 665 0x61, 0x6c, 0x69, 0x64, 0x69, 0x74, 0x79, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 666 0xfe, 0x01, 0x0a, 0x1d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 667 0x6e, 0x74, 0x73, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 668 0x67, 0x12, 0x52, 0x0a, 0x07, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x03, 669 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 670 0x2e, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 671 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x61, 0x70, 672 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x6d, 0x61, 673 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x3b, 0x0a, 0x1a, 0x75, 0x73, 0x65, 0x5f, 0x70, 0x72, 0x6f, 674 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x64, 0x5f, 0x61, 0x63, 0x63, 0x6f, 675 0x75, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x17, 0x75, 0x73, 0x65, 0x50, 0x72, 676 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x64, 0x41, 0x63, 0x63, 0x6f, 0x75, 677 0x6e, 0x74, 0x1a, 0x4c, 0x0a, 0x07, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x18, 0x0a, 678 0x07, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 679 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x69, 680 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 681 0x52, 0x0e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 682 0x42, 0x35, 0x5a, 0x33, 0x67, 0x6f, 0x2e, 0x63, 0x68, 0x72, 0x6f, 0x6d, 0x69, 0x75, 0x6d, 0x2e, 683 0x6f, 0x72, 0x67, 0x2f, 0x6c, 0x75, 0x63, 0x69, 0x2f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x65, 684 0x72, 0x76, 0x65, 0x72, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2f, 0x76, 685 0x31, 0x3b, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 686 } 687 688 var ( 689 file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDescOnce sync.Once 690 file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDescData = file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDesc 691 ) 692 693 func file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDescGZIP() []byte { 694 file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDescOnce.Do(func() { 695 file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDescData) 696 }) 697 return file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDescData 698 } 699 700 var file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes = make([]protoimpl.MessageInfo, 7) 701 var file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_goTypes = []interface{}{ 702 (*TokenServerConfig)(nil), // 0: tokenserver.admin.TokenServerConfig 703 (*CertificateAuthorityConfig)(nil), // 1: tokenserver.admin.CertificateAuthorityConfig 704 (*DomainConfig)(nil), // 2: tokenserver.admin.DomainConfig 705 (*DelegationPermissions)(nil), // 3: tokenserver.admin.DelegationPermissions 706 (*DelegationRule)(nil), // 4: tokenserver.admin.DelegationRule 707 (*ServiceAccountsProjectMapping)(nil), // 5: tokenserver.admin.ServiceAccountsProjectMapping 708 (*ServiceAccountsProjectMapping_Mapping)(nil), // 6: tokenserver.admin.ServiceAccountsProjectMapping.Mapping 709 } 710 var file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_depIdxs = []int32{ 711 1, // 0: tokenserver.admin.TokenServerConfig.certificate_authority:type_name -> tokenserver.admin.CertificateAuthorityConfig 712 2, // 1: tokenserver.admin.CertificateAuthorityConfig.known_domains:type_name -> tokenserver.admin.DomainConfig 713 4, // 2: tokenserver.admin.DelegationPermissions.rules:type_name -> tokenserver.admin.DelegationRule 714 6, // 3: tokenserver.admin.ServiceAccountsProjectMapping.mapping:type_name -> tokenserver.admin.ServiceAccountsProjectMapping.Mapping 715 4, // [4:4] is the sub-list for method output_type 716 4, // [4:4] is the sub-list for method input_type 717 4, // [4:4] is the sub-list for extension type_name 718 4, // [4:4] is the sub-list for extension extendee 719 0, // [0:4] is the sub-list for field type_name 720 } 721 722 func init() { file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_init() } 723 func file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_init() { 724 if File_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto != nil { 725 return 726 } 727 if !protoimpl.UnsafeEnabled { 728 file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { 729 switch v := v.(*TokenServerConfig); i { 730 case 0: 731 return &v.state 732 case 1: 733 return &v.sizeCache 734 case 2: 735 return &v.unknownFields 736 default: 737 return nil 738 } 739 } 740 file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { 741 switch v := v.(*CertificateAuthorityConfig); i { 742 case 0: 743 return &v.state 744 case 1: 745 return &v.sizeCache 746 case 2: 747 return &v.unknownFields 748 default: 749 return nil 750 } 751 } 752 file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { 753 switch v := v.(*DomainConfig); i { 754 case 0: 755 return &v.state 756 case 1: 757 return &v.sizeCache 758 case 2: 759 return &v.unknownFields 760 default: 761 return nil 762 } 763 } 764 file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { 765 switch v := v.(*DelegationPermissions); i { 766 case 0: 767 return &v.state 768 case 1: 769 return &v.sizeCache 770 case 2: 771 return &v.unknownFields 772 default: 773 return nil 774 } 775 } 776 file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { 777 switch v := v.(*DelegationRule); i { 778 case 0: 779 return &v.state 780 case 1: 781 return &v.sizeCache 782 case 2: 783 return &v.unknownFields 784 default: 785 return nil 786 } 787 } 788 file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { 789 switch v := v.(*ServiceAccountsProjectMapping); i { 790 case 0: 791 return &v.state 792 case 1: 793 return &v.sizeCache 794 case 2: 795 return &v.unknownFields 796 default: 797 return nil 798 } 799 } 800 file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { 801 switch v := v.(*ServiceAccountsProjectMapping_Mapping); i { 802 case 0: 803 return &v.state 804 case 1: 805 return &v.sizeCache 806 case 2: 807 return &v.unknownFields 808 default: 809 return nil 810 } 811 } 812 } 813 type x struct{} 814 out := protoimpl.TypeBuilder{ 815 File: protoimpl.DescBuilder{ 816 GoPackagePath: reflect.TypeOf(x{}).PkgPath(), 817 RawDescriptor: file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDesc, 818 NumEnums: 0, 819 NumMessages: 7, 820 NumExtensions: 0, 821 NumServices: 0, 822 }, 823 GoTypes: file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_goTypes, 824 DependencyIndexes: file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_depIdxs, 825 MessageInfos: file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_msgTypes, 826 }.Build() 827 File_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto = out.File 828 file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_rawDesc = nil 829 file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_goTypes = nil 830 file_go_chromium_org_luci_tokenserver_api_admin_v1_config_proto_depIdxs = nil 831 }