auth

package
v2.7.7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 13, 2024 License: Apache-2.0 Imports: 18 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	// ContextTokenKey is the key of the auth token in an
	// authenticated context
	ContextTokenKey = constants.ContextTokenKey

	// ClusterRoleBindingKey is a key in etcd, in the roleBindings collection,
	// that contains the set of role bindings for the cluster. These are frequently
	// accessed so we cache them.
	ClusterRoleBindingKey = "CLUSTER:"

	// UserPrefix indicates that this Subject is a Pachyderm user synced from an IDP.
	UserPrefix = "user:"

	// RobotPrefix indicates that this Subject is a Pachyderm robot user. Any
	// string (with this prefix) is a logical Pachyderm robot user.
	RobotPrefix = "robot:"

	// InternalPrefix indicates that this Subject is internal to Pachyderm itself,
	// created to run a background task
	InternalPrefix = "internal:"

	// PipelinePrefix indicates that this Subject is a PPS pipeline. Any string
	// (with this prefix) is a logical PPS pipeline (even though the pipeline may
	// not exist).
	PipelinePrefix = "pipeline:"

	// PachPrefix indicates that this Subject is an internal Pachyderm user.
	PachPrefix = "pach:"

	// GroupPrefix indicates that this Subject is a group.
	GroupPrefix = "group:"

	// RootUser is the user created when auth is initialized. Only one token
	// can be created for this user (during auth activation) and they cannot
	// be removed from the set of cluster super-admins.
	RootUser = "pach:root"

	// ClusterAdminRole is the role for cluster admins, who have full access to all APIs
	ClusterAdminRole = "clusterAdmin"

	// RepoOwnerRole is a role which grants access to read, write and modify the role bindings for a repo
	RepoOwnerRole = "repoOwner"

	// RepoWriterRole is a role which grants ability to both read from and write to a repo
	RepoWriterRole = "repoWriter"

	// RepoReaderRole is a role which grants ability to both read from a repo
	RepoReaderRole = "repoReader"

	// IDPAdminRole is a role which grants the ability to configure OIDC apps.
	OIDCAppAdminRole = "oidcAppAdmin"

	// IDPAdminRole is a role which grants the ability to configure identity providers.
	IDPAdminRole = "idpAdmin"

	// IdentityAdmin is a role which grants the ability to configure the identity service.
	IdentityAdminRole = "identityAdmin"

	// DebuggerRole is a role which grants the ability to produce debug dumps.
	DebuggerRole = "debugger"

	// LokiLogReaderRole is a role which grants the ability to read logs from Loki.
	LokiLogReaderRole = "lokiLogReader"

	// RobotUserRole is a role which grants the ability to generate tokens for robot
	// users.
	RobotUserRole = "robotUser"

	// LicenseAdminRole is a role which grants the ability to register new
	// pachds with the license server, manage pachds and update the enterprise license.
	LicenseAdminRole = "licenseAdmin"

	// AllClusterUsersSubject is a subject which applies a role binding to all authenticated users
	AllClusterUsersSubject = "allClusterUsers"

	// SecretAdminRole is a role which grants the ability to manage secrets
	SecretAdminRole = "secretAdmin"

	// PachdLogReaderRole is a role which grants the ability to pull pachd logs
	PachdLogReaderRole = "pachdLogReader"

	// ProjectViewerRole is a role which grants the ability to view resources under a project, such as repos and pipelines
	ProjectViewerRole = "projectViewer"

	// ProjectWriterRole is a role which grants the ability to create resources under a project, such as repos and pipelines
	ProjectWriterRole = "projectWriter"

	// ProjectOwnerRole is a role which grants the ability to manage RoleBindings, as well as delete resources within a project
	ProjectOwnerRole = "projectOwner"

	// ProjectCreatorRole is a role which grants the ability to create projects
	ProjectCreatorRole = "projectCreator"
)
View Source 
const (
	API_Activate_FullMethodName                   = "/auth_v2.API/Activate"
	API_Deactivate_FullMethodName                 = "/auth_v2.API/Deactivate"
	API_GetConfiguration_FullMethodName           = "/auth_v2.API/GetConfiguration"
	API_SetConfiguration_FullMethodName           = "/auth_v2.API/SetConfiguration"
	API_Authenticate_FullMethodName               = "/auth_v2.API/Authenticate"
	API_Authorize_FullMethodName                  = "/auth_v2.API/Authorize"
	API_GetPermissions_FullMethodName             = "/auth_v2.API/GetPermissions"
	API_GetPermissionsForPrincipal_FullMethodName = "/auth_v2.API/GetPermissionsForPrincipal"
	API_WhoAmI_FullMethodName                     = "/auth_v2.API/WhoAmI"
	API_GetRolesForPermission_FullMethodName      = "/auth_v2.API/GetRolesForPermission"
	API_ModifyRoleBinding_FullMethodName          = "/auth_v2.API/ModifyRoleBinding"
	API_GetRoleBinding_FullMethodName             = "/auth_v2.API/GetRoleBinding"
	API_GetOIDCLogin_FullMethodName               = "/auth_v2.API/GetOIDCLogin"
	API_GetRobotToken_FullMethodName              = "/auth_v2.API/GetRobotToken"
	API_RevokeAuthToken_FullMethodName            = "/auth_v2.API/RevokeAuthToken"
	API_RevokeAuthTokensForUser_FullMethodName    = "/auth_v2.API/RevokeAuthTokensForUser"
	API_SetGroupsForUser_FullMethodName           = "/auth_v2.API/SetGroupsForUser"
	API_ModifyMembers_FullMethodName              = "/auth_v2.API/ModifyMembers"
	API_GetGroups_FullMethodName                  = "/auth_v2.API/GetGroups"
	API_GetGroupsForPrincipal_FullMethodName      = "/auth_v2.API/GetGroupsForPrincipal"
	API_GetUsers_FullMethodName                   = "/auth_v2.API/GetUsers"
	API_ExtractAuthTokens_FullMethodName          = "/auth_v2.API/ExtractAuthTokens"
	API_RestoreAuthToken_FullMethodName           = "/auth_v2.API/RestoreAuthToken"
	API_DeleteExpiredAuthTokens_FullMethodName    = "/auth_v2.API/DeleteExpiredAuthTokens"
	API_RotateRootToken_FullMethodName            = "/auth_v2.API/RotateRootToken"
)

Variables

View Source 
var (
	// ErrNotActivated is returned by an Auth API if the Auth service
	// has not been activated.
	//
	// Note: This error message string is matched in the UI. If edited,
	// it also needs to be updated in the UI code
	ErrNotActivated = status.Error(codes.Unimplemented, "the auth service is not activated")

	// ErrAlreadyActivated is returned by Activate if the Auth service
	// is already activated.
	ErrAlreadyActivated = status.Error(codes.Unimplemented, "the auth service is already activated")

	// ErrNotSignedIn indicates that the caller isn't signed in
	//
	// Note: This error message string is matched in the UI. If edited,
	// it also needs to be updated in the UI code
	ErrNotSignedIn = status.Error(codes.Unauthenticated, "no authentication token (try logging in)")

	// ErrNoMetadata is returned by the Auth API if the caller sent a request
	// containing no auth token.
	ErrNoMetadata = status.Error(codes.Internal, "no authentication metadata (try logging in)")

	// ErrBadToken is returned by the Auth API if the caller's token is corrupted
	// or has expired.
	ErrBadToken = status.Error(codes.Unauthenticated, "provided auth token is corrupted or has expired (try logging in again)")

	// ErrExpiredToken is returned by the Auth API if a restored token expired in
	// the past.
	ErrExpiredToken = status.Error(codes.Internal, "token expiration is in the past")
)
View Source 
var (
	Permission_name = map[int32]string{
		0:   "PERMISSION_UNKNOWN",
		100: "CLUSTER_MODIFY_BINDINGS",
		101: "CLUSTER_GET_BINDINGS",
		148: "CLUSTER_GET_PACHD_LOGS",
		150: "CLUSTER_GET_LOKI_LOGS",
		102: "CLUSTER_AUTH_ACTIVATE",
		103: "CLUSTER_AUTH_DEACTIVATE",
		104: "CLUSTER_AUTH_GET_CONFIG",
		105: "CLUSTER_AUTH_SET_CONFIG",
		139: "CLUSTER_AUTH_GET_ROBOT_TOKEN",
		109: "CLUSTER_AUTH_MODIFY_GROUP_MEMBERS",
		110: "CLUSTER_AUTH_GET_GROUPS",
		111: "CLUSTER_AUTH_GET_GROUP_USERS",
		112: "CLUSTER_AUTH_EXTRACT_TOKENS",
		113: "CLUSTER_AUTH_RESTORE_TOKEN",
		141: "CLUSTER_AUTH_GET_PERMISSIONS_FOR_PRINCIPAL",
		140: "CLUSTER_AUTH_DELETE_EXPIRED_TOKENS",
		142: "CLUSTER_AUTH_REVOKE_USER_TOKENS",
		147: "CLUSTER_AUTH_ROTATE_ROOT_TOKEN",
		114: "CLUSTER_ENTERPRISE_ACTIVATE",
		115: "CLUSTER_ENTERPRISE_HEARTBEAT",
		116: "CLUSTER_ENTERPRISE_GET_CODE",
		117: "CLUSTER_ENTERPRISE_DEACTIVATE",
		149: "CLUSTER_ENTERPRISE_PAUSE",
		118: "CLUSTER_IDENTITY_SET_CONFIG",
		119: "CLUSTER_IDENTITY_GET_CONFIG",
		120: "CLUSTER_IDENTITY_CREATE_IDP",
		121: "CLUSTER_IDENTITY_UPDATE_IDP",
		122: "CLUSTER_IDENTITY_LIST_IDPS",
		123: "CLUSTER_IDENTITY_GET_IDP",
		124: "CLUSTER_IDENTITY_DELETE_IDP",
		125: "CLUSTER_IDENTITY_CREATE_OIDC_CLIENT",
		126: "CLUSTER_IDENTITY_UPDATE_OIDC_CLIENT",
		127: "CLUSTER_IDENTITY_LIST_OIDC_CLIENTS",
		128: "CLUSTER_IDENTITY_GET_OIDC_CLIENT",
		129: "CLUSTER_IDENTITY_DELETE_OIDC_CLIENT",
		131: "CLUSTER_DEBUG_DUMP",
		132: "CLUSTER_LICENSE_ACTIVATE",
		133: "CLUSTER_LICENSE_GET_CODE",
		134: "CLUSTER_LICENSE_ADD_CLUSTER",
		135: "CLUSTER_LICENSE_UPDATE_CLUSTER",
		136: "CLUSTER_LICENSE_DELETE_CLUSTER",
		137: "CLUSTER_LICENSE_LIST_CLUSTERS",
		143: "CLUSTER_CREATE_SECRET",
		144: "CLUSTER_LIST_SECRETS",
		145: "SECRET_DELETE",
		146: "SECRET_INSPECT",
		138: "CLUSTER_DELETE_ALL",
		200: "REPO_READ",
		201: "REPO_WRITE",
		202: "REPO_MODIFY_BINDINGS",
		203: "REPO_DELETE",
		204: "REPO_INSPECT_COMMIT",
		205: "REPO_LIST_COMMIT",
		206: "REPO_DELETE_COMMIT",
		207: "REPO_CREATE_BRANCH",
		208: "REPO_LIST_BRANCH",
		209: "REPO_DELETE_BRANCH",
		210: "REPO_INSPECT_FILE",
		211: "REPO_LIST_FILE",
		212: "REPO_ADD_PIPELINE_READER",
		213: "REPO_REMOVE_PIPELINE_READER",
		214: "REPO_ADD_PIPELINE_WRITER",
		301: "PIPELINE_LIST_JOB",
		400: "PROJECT_CREATE",
		401: "PROJECT_DELETE",
		402: "PROJECT_LIST_REPO",
		403: "PROJECT_CREATE_REPO",
		404: "PROJECT_MODIFY_BINDINGS",
	}
	Permission_value = map[string]int32{
		"PERMISSION_UNKNOWN":                         0,
		"CLUSTER_MODIFY_BINDINGS":                    100,
		"CLUSTER_GET_BINDINGS":                       101,
		"CLUSTER_GET_PACHD_LOGS":                     148,
		"CLUSTER_GET_LOKI_LOGS":                      150,
		"CLUSTER_AUTH_ACTIVATE":                      102,
		"CLUSTER_AUTH_DEACTIVATE":                    103,
		"CLUSTER_AUTH_GET_CONFIG":                    104,
		"CLUSTER_AUTH_SET_CONFIG":                    105,
		"CLUSTER_AUTH_GET_ROBOT_TOKEN":               139,
		"CLUSTER_AUTH_MODIFY_GROUP_MEMBERS":          109,
		"CLUSTER_AUTH_GET_GROUPS":                    110,
		"CLUSTER_AUTH_GET_GROUP_USERS":               111,
		"CLUSTER_AUTH_EXTRACT_TOKENS":                112,
		"CLUSTER_AUTH_RESTORE_TOKEN":                 113,
		"CLUSTER_AUTH_GET_PERMISSIONS_FOR_PRINCIPAL": 141,
		"CLUSTER_AUTH_DELETE_EXPIRED_TOKENS":         140,
		"CLUSTER_AUTH_REVOKE_USER_TOKENS":            142,
		"CLUSTER_AUTH_ROTATE_ROOT_TOKEN":             147,
		"CLUSTER_ENTERPRISE_ACTIVATE":                114,
		"CLUSTER_ENTERPRISE_HEARTBEAT":               115,
		"CLUSTER_ENTERPRISE_GET_CODE":                116,
		"CLUSTER_ENTERPRISE_DEACTIVATE":              117,
		"CLUSTER_ENTERPRISE_PAUSE":                   149,
		"CLUSTER_IDENTITY_SET_CONFIG":                118,
		"CLUSTER_IDENTITY_GET_CONFIG":                119,
		"CLUSTER_IDENTITY_CREATE_IDP":                120,
		"CLUSTER_IDENTITY_UPDATE_IDP":                121,
		"CLUSTER_IDENTITY_LIST_IDPS":                 122,
		"CLUSTER_IDENTITY_GET_IDP":                   123,
		"CLUSTER_IDENTITY_DELETE_IDP":                124,
		"CLUSTER_IDENTITY_CREATE_OIDC_CLIENT":        125,
		"CLUSTER_IDENTITY_UPDATE_OIDC_CLIENT":        126,
		"CLUSTER_IDENTITY_LIST_OIDC_CLIENTS":         127,
		"CLUSTER_IDENTITY_GET_OIDC_CLIENT":           128,
		"CLUSTER_IDENTITY_DELETE_OIDC_CLIENT":        129,
		"CLUSTER_DEBUG_DUMP":                         131,
		"CLUSTER_LICENSE_ACTIVATE":                   132,
		"CLUSTER_LICENSE_GET_CODE":                   133,
		"CLUSTER_LICENSE_ADD_CLUSTER":                134,
		"CLUSTER_LICENSE_UPDATE_CLUSTER":             135,
		"CLUSTER_LICENSE_DELETE_CLUSTER":             136,
		"CLUSTER_LICENSE_LIST_CLUSTERS":              137,
		"CLUSTER_CREATE_SECRET":                      143,
		"CLUSTER_LIST_SECRETS":                       144,
		"SECRET_DELETE":                              145,
		"SECRET_INSPECT":                             146,
		"CLUSTER_DELETE_ALL":                         138,
		"REPO_READ":                                  200,
		"REPO_WRITE":                                 201,
		"REPO_MODIFY_BINDINGS":                       202,
		"REPO_DELETE":                                203,
		"REPO_INSPECT_COMMIT":                        204,
		"REPO_LIST_COMMIT":                           205,
		"REPO_DELETE_COMMIT":                         206,
		"REPO_CREATE_BRANCH":                         207,
		"REPO_LIST_BRANCH":                           208,
		"REPO_DELETE_BRANCH":                         209,
		"REPO_INSPECT_FILE":                          210,
		"REPO_LIST_FILE":                             211,
		"REPO_ADD_PIPELINE_READER":                   212,
		"REPO_REMOVE_PIPELINE_READER":                213,
		"REPO_ADD_PIPELINE_WRITER":                   214,
		"PIPELINE_LIST_JOB":                          301,
		"PROJECT_CREATE":                             400,
		"PROJECT_DELETE":                             401,
		"PROJECT_LIST_REPO":                          402,
		"PROJECT_CREATE_REPO":                        403,
		"PROJECT_MODIFY_BINDINGS":                    404,
	}
)

Enum value maps for Permission.

View Source 
var (
	ResourceType_name = map[int32]string{
		0: "RESOURCE_TYPE_UNKNOWN",
		1: "CLUSTER",
		2: "REPO",
		3: "SPEC_REPO",
		4: "PROJECT",
	}
	ResourceType_value = map[string]int32{
		"RESOURCE_TYPE_UNKNOWN": 0,
		"CLUSTER":               1,
		"REPO":                  2,
		"SPEC_REPO":             3,
		"PROJECT":               4,
	}
)

Enum value maps for ResourceType.

View Source 
var API_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "auth_v2.API",
	HandlerType: (*APIServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "Activate",
			Handler:    _API_Activate_Handler,
		},
		{
			MethodName: "Deactivate",
			Handler:    _API_Deactivate_Handler,
		},
		{
			MethodName: "GetConfiguration",
			Handler:    _API_GetConfiguration_Handler,
		},
		{
			MethodName: "SetConfiguration",
			Handler:    _API_SetConfiguration_Handler,
		},
		{
			MethodName: "Authenticate",
			Handler:    _API_Authenticate_Handler,
		},
		{
			MethodName: "Authorize",
			Handler:    _API_Authorize_Handler,
		},
		{
			MethodName: "GetPermissions",
			Handler:    _API_GetPermissions_Handler,
		},
		{
			MethodName: "GetPermissionsForPrincipal",
			Handler:    _API_GetPermissionsForPrincipal_Handler,
		},
		{
			MethodName: "WhoAmI",
			Handler:    _API_WhoAmI_Handler,
		},
		{
			MethodName: "GetRolesForPermission",
			Handler:    _API_GetRolesForPermission_Handler,
		},
		{
			MethodName: "ModifyRoleBinding",
			Handler:    _API_ModifyRoleBinding_Handler,
		},
		{
			MethodName: "GetRoleBinding",
			Handler:    _API_GetRoleBinding_Handler,
		},
		{
			MethodName: "GetOIDCLogin",
			Handler:    _API_GetOIDCLogin_Handler,
		},
		{
			MethodName: "GetRobotToken",
			Handler:    _API_GetRobotToken_Handler,
		},
		{
			MethodName: "RevokeAuthToken",
			Handler:    _API_RevokeAuthToken_Handler,
		},
		{
			MethodName: "RevokeAuthTokensForUser",
			Handler:    _API_RevokeAuthTokensForUser_Handler,
		},
		{
			MethodName: "SetGroupsForUser",
			Handler:    _API_SetGroupsForUser_Handler,
		},
		{
			MethodName: "ModifyMembers",
			Handler:    _API_ModifyMembers_Handler,
		},
		{
			MethodName: "GetGroups",
			Handler:    _API_GetGroups_Handler,
		},
		{
			MethodName: "GetGroupsForPrincipal",
			Handler:    _API_GetGroupsForPrincipal_Handler,
		},
		{
			MethodName: "GetUsers",
			Handler:    _API_GetUsers_Handler,
		},
		{
			MethodName: "ExtractAuthTokens",
			Handler:    _API_ExtractAuthTokens_Handler,
		},
		{
			MethodName: "RestoreAuthToken",
			Handler:    _API_RestoreAuthToken_Handler,
		},
		{
			MethodName: "DeleteExpiredAuthTokens",
			Handler:    _API_DeleteExpiredAuthTokens_Handler,
		},
		{
			MethodName: "RotateRootToken",
			Handler:    _API_RotateRootToken_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "auth/auth.proto",
}

API_ServiceDesc is the grpc.ServiceDesc for API service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source 
var DefaultOIDCScopes = []string{"email", "profile", "groups", oidc.ScopeOpenID}
View Source 
var File_auth_auth_proto protoreflect.FileDescriptor

Functions

func GetAuthToken 

func GetAuthToken(ctx context.Context) (string, error)

GetAuthToken extracts the auth token embedded in 'ctx', if there is one

func HashToken 

func HashToken(token string) string

HashToken converts a token to a cryptographic hash. We don't want to store tokens verbatim in the database, as then whoever that has access to the database has access to all tokens.

func IsErrAlreadyActivated 

func IsErrAlreadyActivated(err error) bool

IsErrAlreadyActivated checks if an error is a ErrAlreadyActivated

func IsErrBadToken 

func IsErrBadToken(err error) bool

IsErrBadToken returns true if 'err' is a ErrBadToken

func IsErrExpiredToken 

func IsErrExpiredToken(err error) bool

IsErrExpiredToken returns true if 'err' is a ErrExpiredToken

func IsErrInvalidPrincipal 

func IsErrInvalidPrincipal(err error) bool

IsErrInvalidPrincipal returns true if 'err' is an ErrInvalidPrincipal

func IsErrNoMetadata 

func IsErrNoMetadata(err error) bool

IsErrNoMetadata returns true if 'err' is an ErrNoMetadata (uses string comparison to work across RPC boundaries)

func IsErrNoRoleBinding 

func IsErrNoRoleBinding(err error) bool

IsErrNoRoleBinding checks if an error is a ErrNoRoleBinding

func IsErrNotActivated 

func IsErrNotActivated(err error) bool

IsErrNotActivated checks if an error is a ErrNotActivated

func IsErrNotAuthorized 

func IsErrNotAuthorized(err error) bool

IsErrNotAuthorized checks if an error is a ErrNotAuthorized

func IsErrNotSignedIn 

func IsErrNotSignedIn(err error) bool

IsErrNotSignedIn returns true if 'err' is a ErrNotSignedIn

func IsErrTooShortTTL 

func IsErrTooShortTTL(err error) bool

IsErrTooShortTTL returns true if 'err' is a ErrTooShortTTL

func RegisterAPIServer 

func RegisterAPIServer(s grpc.ServiceRegistrar, srv APIServer)

Types

type APIClient 

type APIClient interface {
	// Activate/Deactivate the auth API. 'Activate' sets an initial set of admins
	// for the Pachyderm cluster, and 'Deactivate' removes all ACLs, tokens, and
	// admins from the Pachyderm cluster, making all data publicly accessable
	Activate(ctx context.Context, in *ActivateRequest, opts ...grpc.CallOption) (*ActivateResponse, error)
	Deactivate(ctx context.Context, in *DeactivateRequest, opts ...grpc.CallOption) (*DeactivateResponse, error)
	GetConfiguration(ctx context.Context, in *GetConfigurationRequest, opts ...grpc.CallOption) (*GetConfigurationResponse, error)
	SetConfiguration(ctx context.Context, in *SetConfigurationRequest, opts ...grpc.CallOption) (*SetConfigurationResponse, error)
	Authenticate(ctx context.Context, in *AuthenticateRequest, opts ...grpc.CallOption) (*AuthenticateResponse, error)
	Authorize(ctx context.Context, in *AuthorizeRequest, opts ...grpc.CallOption) (*AuthorizeResponse, error)
	GetPermissions(ctx context.Context, in *GetPermissionsRequest, opts ...grpc.CallOption) (*GetPermissionsResponse, error)
	GetPermissionsForPrincipal(ctx context.Context, in *GetPermissionsForPrincipalRequest, opts ...grpc.CallOption) (*GetPermissionsResponse, error)
	WhoAmI(ctx context.Context, in *WhoAmIRequest, opts ...grpc.CallOption) (*WhoAmIResponse, error)
	GetRolesForPermission(ctx context.Context, in *GetRolesForPermissionRequest, opts ...grpc.CallOption) (*GetRolesForPermissionResponse, error)
	ModifyRoleBinding(ctx context.Context, in *ModifyRoleBindingRequest, opts ...grpc.CallOption) (*ModifyRoleBindingResponse, error)
	GetRoleBinding(ctx context.Context, in *GetRoleBindingRequest, opts ...grpc.CallOption) (*GetRoleBindingResponse, error)
	GetOIDCLogin(ctx context.Context, in *GetOIDCLoginRequest, opts ...grpc.CallOption) (*GetOIDCLoginResponse, error)
	GetRobotToken(ctx context.Context, in *GetRobotTokenRequest, opts ...grpc.CallOption) (*GetRobotTokenResponse, error)
	RevokeAuthToken(ctx context.Context, in *RevokeAuthTokenRequest, opts ...grpc.CallOption) (*RevokeAuthTokenResponse, error)
	RevokeAuthTokensForUser(ctx context.Context, in *RevokeAuthTokensForUserRequest, opts ...grpc.CallOption) (*RevokeAuthTokensForUserResponse, error)
	SetGroupsForUser(ctx context.Context, in *SetGroupsForUserRequest, opts ...grpc.CallOption) (*SetGroupsForUserResponse, error)
	ModifyMembers(ctx context.Context, in *ModifyMembersRequest, opts ...grpc.CallOption) (*ModifyMembersResponse, error)
	GetGroups(ctx context.Context, in *GetGroupsRequest, opts ...grpc.CallOption) (*GetGroupsResponse, error)
	GetGroupsForPrincipal(ctx context.Context, in *GetGroupsForPrincipalRequest, opts ...grpc.CallOption) (*GetGroupsResponse, error)
	GetUsers(ctx context.Context, in *GetUsersRequest, opts ...grpc.CallOption) (*GetUsersResponse, error)
	ExtractAuthTokens(ctx context.Context, in *ExtractAuthTokensRequest, opts ...grpc.CallOption) (*ExtractAuthTokensResponse, error)
	RestoreAuthToken(ctx context.Context, in *RestoreAuthTokenRequest, opts ...grpc.CallOption) (*RestoreAuthTokenResponse, error)
	DeleteExpiredAuthTokens(ctx context.Context, in *DeleteExpiredAuthTokensRequest, opts ...grpc.CallOption) (*DeleteExpiredAuthTokensResponse, error)
	RotateRootToken(ctx context.Context, in *RotateRootTokenRequest, opts ...grpc.CallOption) (*RotateRootTokenResponse, error)
}

APIClient is the client API for API service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewAPIClient 

func NewAPIClient(cc grpc.ClientConnInterface) APIClient

type APIServer 

type APIServer interface {
	// Activate/Deactivate the auth API. 'Activate' sets an initial set of admins
	// for the Pachyderm cluster, and 'Deactivate' removes all ACLs, tokens, and
	// admins from the Pachyderm cluster, making all data publicly accessable
	Activate(context.Context, *ActivateRequest) (*ActivateResponse, error)
	Deactivate(context.Context, *DeactivateRequest) (*DeactivateResponse, error)
	GetConfiguration(context.Context, *GetConfigurationRequest) (*GetConfigurationResponse, error)
	SetConfiguration(context.Context, *SetConfigurationRequest) (*SetConfigurationResponse, error)
	Authenticate(context.Context, *AuthenticateRequest) (*AuthenticateResponse, error)
	Authorize(context.Context, *AuthorizeRequest) (*AuthorizeResponse, error)
	GetPermissions(context.Context, *GetPermissionsRequest) (*GetPermissionsResponse, error)
	GetPermissionsForPrincipal(context.Context, *GetPermissionsForPrincipalRequest) (*GetPermissionsResponse, error)
	WhoAmI(context.Context, *WhoAmIRequest) (*WhoAmIResponse, error)
	GetRolesForPermission(context.Context, *GetRolesForPermissionRequest) (*GetRolesForPermissionResponse, error)
	ModifyRoleBinding(context.Context, *ModifyRoleBindingRequest) (*ModifyRoleBindingResponse, error)
	GetRoleBinding(context.Context, *GetRoleBindingRequest) (*GetRoleBindingResponse, error)
	GetOIDCLogin(context.Context, *GetOIDCLoginRequest) (*GetOIDCLoginResponse, error)
	GetRobotToken(context.Context, *GetRobotTokenRequest) (*GetRobotTokenResponse, error)
	RevokeAuthToken(context.Context, *RevokeAuthTokenRequest) (*RevokeAuthTokenResponse, error)
	RevokeAuthTokensForUser(context.Context, *RevokeAuthTokensForUserRequest) (*RevokeAuthTokensForUserResponse, error)
	SetGroupsForUser(context.Context, *SetGroupsForUserRequest) (*SetGroupsForUserResponse, error)
	ModifyMembers(context.Context, *ModifyMembersRequest) (*ModifyMembersResponse, error)
	GetGroups(context.Context, *GetGroupsRequest) (*GetGroupsResponse, error)
	GetGroupsForPrincipal(context.Context, *GetGroupsForPrincipalRequest) (*GetGroupsResponse, error)
	GetUsers(context.Context, *GetUsersRequest) (*GetUsersResponse, error)
	ExtractAuthTokens(context.Context, *ExtractAuthTokensRequest) (*ExtractAuthTokensResponse, error)
	RestoreAuthToken(context.Context, *RestoreAuthTokenRequest) (*RestoreAuthTokenResponse, error)
	DeleteExpiredAuthTokens(context.Context, *DeleteExpiredAuthTokensRequest) (*DeleteExpiredAuthTokensResponse, error)
	RotateRootToken(context.Context, *RotateRootTokenRequest) (*RotateRootTokenResponse, error)
	// contains filtered or unexported methods
}

APIServer is the server API for API service. All implementations must embed UnimplementedAPIServer for forward compatibility

type ActivateRequest 

type ActivateRequest struct {

	// If set, this token is used as the root user login token. Otherwise the root token
	// is randomly generated and returned in the response.
	RootToken string `protobuf:"bytes,1,opt,name=root_token,json=rootToken,proto3" json:"root_token,omitempty"`
	// contains filtered or unexported fields
}

ActivateRequest enables authentication on the cluster. It issues an auth token with no expiration for the irrevocable admin user `pach:root`.

func (*ActivateRequest) Descriptor deprecated 

func (*ActivateRequest) Descriptor() ([]byte, []int)

Deprecated: Use ActivateRequest.ProtoReflect.Descriptor instead.

func (*ActivateRequest) GetRootToken 

func (x *ActivateRequest) GetRootToken() string

func (*ActivateRequest) MarshalLogObject 

func (x *ActivateRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*ActivateRequest) ProtoMessage 

func (*ActivateRequest) ProtoMessage()

func (*ActivateRequest) ProtoReflect added in v2.7.0 

func (x *ActivateRequest) ProtoReflect() protoreflect.Message

func (*ActivateRequest) Reset 

func (x *ActivateRequest) Reset()

func (*ActivateRequest) String 

func (x *ActivateRequest) String() string

type ActivateResponse 

type ActivateResponse struct {

	// pach_token authenticates the caller with Pachyderm (if you want to perform
	// Pachyderm operations after auth has been activated as themselves, you must
	// present this token along with your regular request)
	PachToken string `protobuf:"bytes,1,opt,name=pach_token,json=pachToken,proto3" json:"pach_token,omitempty"`
	// contains filtered or unexported fields
}

func (*ActivateResponse) Descriptor deprecated 

func (*ActivateResponse) Descriptor() ([]byte, []int)

Deprecated: Use ActivateResponse.ProtoReflect.Descriptor instead.

func (*ActivateResponse) GetPachToken 

func (x *ActivateResponse) GetPachToken() string

func (*ActivateResponse) MarshalLogObject 

func (x *ActivateResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*ActivateResponse) ProtoMessage 

func (*ActivateResponse) ProtoMessage()

func (*ActivateResponse) ProtoReflect added in v2.7.0 

func (x *ActivateResponse) ProtoReflect() protoreflect.Message

func (*ActivateResponse) Reset 

func (x *ActivateResponse) Reset()

func (*ActivateResponse) String 

func (x *ActivateResponse) String() string

type AuthenticateRequest 

type AuthenticateRequest struct {

	// This is the session state that Pachyderm creates in order to keep track of
	// information related to the current OIDC session.
	OidcState string `protobuf:"bytes,1,opt,name=oidc_state,json=oidcState,proto3" json:"oidc_state,omitempty"`
	// This is an ID Token issued by the OIDC provider.
	IdToken string `protobuf:"bytes,2,opt,name=id_token,json=idToken,proto3" json:"id_token,omitempty"`
	// contains filtered or unexported fields
}

func (*AuthenticateRequest) Descriptor deprecated 

func (*AuthenticateRequest) Descriptor() ([]byte, []int)

Deprecated: Use AuthenticateRequest.ProtoReflect.Descriptor instead.

func (*AuthenticateRequest) GetIdToken 

func (x *AuthenticateRequest) GetIdToken() string

func (*AuthenticateRequest) GetOidcState added in v2.7.0 

func (x *AuthenticateRequest) GetOidcState() string

func (*AuthenticateRequest) MarshalLogObject 

func (x *AuthenticateRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*AuthenticateRequest) ProtoMessage 

func (*AuthenticateRequest) ProtoMessage()

func (*AuthenticateRequest) ProtoReflect added in v2.7.0 

func (x *AuthenticateRequest) ProtoReflect() protoreflect.Message

func (*AuthenticateRequest) Reset 

func (x *AuthenticateRequest) Reset()

func (*AuthenticateRequest) String 

func (x *AuthenticateRequest) String() string

type AuthenticateResponse 

type AuthenticateResponse struct {

	// pach_token authenticates the caller with Pachyderm (if you want to perform
	// Pachyderm operations after auth has been activated as themselves, you must
	// present this token along with your regular request)
	PachToken string `protobuf:"bytes,1,opt,name=pach_token,json=pachToken,proto3" json:"pach_token,omitempty"`
	// contains filtered or unexported fields
}

func (*AuthenticateResponse) Descriptor deprecated 

func (*AuthenticateResponse) Descriptor() ([]byte, []int)

Deprecated: Use AuthenticateResponse.ProtoReflect.Descriptor instead.

func (*AuthenticateResponse) GetPachToken 

func (x *AuthenticateResponse) GetPachToken() string

func (*AuthenticateResponse) MarshalLogObject 

func (x *AuthenticateResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*AuthenticateResponse) ProtoMessage 

func (*AuthenticateResponse) ProtoMessage()

func (*AuthenticateResponse) ProtoReflect added in v2.7.0 

func (x *AuthenticateResponse) ProtoReflect() protoreflect.Message

func (*AuthenticateResponse) Reset 

func (x *AuthenticateResponse) Reset()

func (*AuthenticateResponse) String 

func (x *AuthenticateResponse) String() string

type AuthorizeRequest 

type AuthorizeRequest struct {
	Resource *Resource `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"`
	// permissions are the operations the caller is attempting to perform
	Permissions []Permission `protobuf:"varint,2,rep,packed,name=permissions,proto3,enum=auth_v2.Permission" json:"permissions,omitempty"`
	// contains filtered or unexported fields
}

func (*AuthorizeRequest) Descriptor deprecated 

func (*AuthorizeRequest) Descriptor() ([]byte, []int)

Deprecated: Use AuthorizeRequest.ProtoReflect.Descriptor instead.

func (*AuthorizeRequest) GetPermissions 

func (x *AuthorizeRequest) GetPermissions() []Permission

func (*AuthorizeRequest) GetResource 

func (x *AuthorizeRequest) GetResource() *Resource

func (*AuthorizeRequest) MarshalLogObject 

func (x *AuthorizeRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*AuthorizeRequest) ProtoMessage 

func (*AuthorizeRequest) ProtoMessage()

func (*AuthorizeRequest) ProtoReflect added in v2.7.0 

func (x *AuthorizeRequest) ProtoReflect() protoreflect.Message

func (*AuthorizeRequest) Reset 

func (x *AuthorizeRequest) Reset()

func (*AuthorizeRequest) String 

func (x *AuthorizeRequest) String() string

type AuthorizeResponse 

type AuthorizeResponse struct {

	// authorized is true if the caller has the require permissions
	Authorized bool `protobuf:"varint,1,opt,name=authorized,proto3" json:"authorized,omitempty"`
	// satisfied is the set of permission that the principal has
	Satisfied []Permission `protobuf:"varint,2,rep,packed,name=satisfied,proto3,enum=auth_v2.Permission" json:"satisfied,omitempty"`
	// missing is the set of permissions that the principal lacks
	Missing []Permission `protobuf:"varint,3,rep,packed,name=missing,proto3,enum=auth_v2.Permission" json:"missing,omitempty"`
	// principal is the principal the request was evaluated for
	Principal string `protobuf:"bytes,4,opt,name=principal,proto3" json:"principal,omitempty"`
	// contains filtered or unexported fields
}

func (*AuthorizeResponse) Descriptor deprecated 

func (*AuthorizeResponse) Descriptor() ([]byte, []int)

Deprecated: Use AuthorizeResponse.ProtoReflect.Descriptor instead.

func (*AuthorizeResponse) GetAuthorized 

func (x *AuthorizeResponse) GetAuthorized() bool

func (*AuthorizeResponse) GetMissing 

func (x *AuthorizeResponse) GetMissing() []Permission

func (*AuthorizeResponse) GetPrincipal 

func (x *AuthorizeResponse) GetPrincipal() string

func (*AuthorizeResponse) GetSatisfied 

func (x *AuthorizeResponse) GetSatisfied() []Permission

func (*AuthorizeResponse) MarshalLogObject 

func (x *AuthorizeResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*AuthorizeResponse) ProtoMessage 

func (*AuthorizeResponse) ProtoMessage()

func (*AuthorizeResponse) ProtoReflect added in v2.7.0 

func (x *AuthorizeResponse) ProtoReflect() protoreflect.Message

func (*AuthorizeResponse) Reset 

func (x *AuthorizeResponse) Reset()

func (*AuthorizeResponse) String 

func (x *AuthorizeResponse) String() string

type DeactivateRequest 

type DeactivateRequest struct {
	// contains filtered or unexported fields
}

func (*DeactivateRequest) Descriptor deprecated 

func (*DeactivateRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeactivateRequest.ProtoReflect.Descriptor instead.

func (*DeactivateRequest) MarshalLogObject 

func (x *DeactivateRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*DeactivateRequest) ProtoMessage 

func (*DeactivateRequest) ProtoMessage()

func (*DeactivateRequest) ProtoReflect added in v2.7.0 

func (x *DeactivateRequest) ProtoReflect() protoreflect.Message

func (*DeactivateRequest) Reset 

func (x *DeactivateRequest) Reset()

func (*DeactivateRequest) String 

func (x *DeactivateRequest) String() string

type DeactivateResponse 

type DeactivateResponse struct {
	// contains filtered or unexported fields
}

func (*DeactivateResponse) Descriptor deprecated 

func (*DeactivateResponse) Descriptor() ([]byte, []int)

Deprecated: Use DeactivateResponse.ProtoReflect.Descriptor instead.

func (*DeactivateResponse) MarshalLogObject 

func (x *DeactivateResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*DeactivateResponse) ProtoMessage 

func (*DeactivateResponse) ProtoMessage()

func (*DeactivateResponse) ProtoReflect added in v2.7.0 

func (x *DeactivateResponse) ProtoReflect() protoreflect.Message

func (*DeactivateResponse) Reset 

func (x *DeactivateResponse) Reset()

func (*DeactivateResponse) String 

func (x *DeactivateResponse) String() string

type DeleteExpiredAuthTokensRequest 

type DeleteExpiredAuthTokensRequest struct {
	// contains filtered or unexported fields
}

func (*DeleteExpiredAuthTokensRequest) Descriptor deprecated 

func (*DeleteExpiredAuthTokensRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteExpiredAuthTokensRequest.ProtoReflect.Descriptor instead.

func (*DeleteExpiredAuthTokensRequest) MarshalLogObject 

func (x *DeleteExpiredAuthTokensRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*DeleteExpiredAuthTokensRequest) ProtoMessage 

func (*DeleteExpiredAuthTokensRequest) ProtoMessage()

func (*DeleteExpiredAuthTokensRequest) ProtoReflect added in v2.7.0 

func (x *DeleteExpiredAuthTokensRequest) ProtoReflect() protoreflect.Message

func (*DeleteExpiredAuthTokensRequest) Reset 

func (x *DeleteExpiredAuthTokensRequest) Reset()

func (*DeleteExpiredAuthTokensRequest) String 

func (x *DeleteExpiredAuthTokensRequest) String() string

type DeleteExpiredAuthTokensResponse 

type DeleteExpiredAuthTokensResponse struct {
	// contains filtered or unexported fields
}

func (*DeleteExpiredAuthTokensResponse) Descriptor deprecated 

func (*DeleteExpiredAuthTokensResponse) Descriptor() ([]byte, []int)

Deprecated: Use DeleteExpiredAuthTokensResponse.ProtoReflect.Descriptor instead.

func (*DeleteExpiredAuthTokensResponse) MarshalLogObject 

func (x *DeleteExpiredAuthTokensResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*DeleteExpiredAuthTokensResponse) ProtoMessage 

func (*DeleteExpiredAuthTokensResponse) ProtoMessage()

func (*DeleteExpiredAuthTokensResponse) ProtoReflect added in v2.7.0 

func (x *DeleteExpiredAuthTokensResponse) ProtoReflect() protoreflect.Message

func (*DeleteExpiredAuthTokensResponse) Reset 

func (x *DeleteExpiredAuthTokensResponse) Reset()

func (*DeleteExpiredAuthTokensResponse) String 

func (x *DeleteExpiredAuthTokensResponse) String() string

type ErrInvalidPrincipal 

type ErrInvalidPrincipal struct {
	Principal string
}

ErrInvalidPrincipal indicates that a an argument to e.g. GetScope, SetScope, or SetACL is invalid

func (*ErrInvalidPrincipal) Error 

func (e *ErrInvalidPrincipal) Error() string

type ErrNoRoleBinding 

type ErrNoRoleBinding struct {
	Resource *Resource
}

ErrNoRoleBinding is returned if no role binding exists for a resource.

func (*ErrNoRoleBinding) Error 

func (e *ErrNoRoleBinding) Error() string

type ErrNotAuthorized 

type ErrNotAuthorized struct {
	Subject string // subject trying to perform blocked operation -- always set

	Resource *Resource    // Resource that the user is attempting to access
	Required []Permission // Caller needs 'Required'-level access to 'Resource'
}

ErrNotAuthorized is returned if the user is not authorized to perform a certain operation.

func (*ErrNotAuthorized) Error 

func (e *ErrNotAuthorized) Error() string

func (*ErrNotAuthorized) GRPCStatus added in v2.7.0 

func (e *ErrNotAuthorized) GRPCStatus() *status.Status

Implement the interface expected by status.FromError. An ErrNotAuthorized is a permission-denied status.

type ErrTooShortTTL 

type ErrTooShortTTL struct {
	RequestTTL, ExistingTTL int64
}

ErrTooShortTTL is returned by the ExtendAuthToken if request.Token already has a TTL longer than request.TTL.

func (ErrTooShortTTL) Error 

func (e ErrTooShortTTL) Error() string

type ExtractAuthTokensRequest 

type ExtractAuthTokensRequest struct {
	// contains filtered or unexported fields
}

ExtractAuthTokens returns all the hashed robot tokens that have been issued. User tokens are not extracted as they can be recreated by logging in.

func (*ExtractAuthTokensRequest) Descriptor deprecated 

func (*ExtractAuthTokensRequest) Descriptor() ([]byte, []int)

Deprecated: Use ExtractAuthTokensRequest.ProtoReflect.Descriptor instead.

func (*ExtractAuthTokensRequest) MarshalLogObject 

func (x *ExtractAuthTokensRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*ExtractAuthTokensRequest) ProtoMessage 

func (*ExtractAuthTokensRequest) ProtoMessage()

func (*ExtractAuthTokensRequest) ProtoReflect added in v2.7.0 

func (x *ExtractAuthTokensRequest) ProtoReflect() protoreflect.Message

func (*ExtractAuthTokensRequest) Reset 

func (x *ExtractAuthTokensRequest) Reset()

func (*ExtractAuthTokensRequest) String 

func (x *ExtractAuthTokensRequest) String() string

type ExtractAuthTokensResponse 

type ExtractAuthTokensResponse struct {
	Tokens []*TokenInfo `protobuf:"bytes,1,rep,name=tokens,proto3" json:"tokens,omitempty"`
	// contains filtered or unexported fields
}

func (*ExtractAuthTokensResponse) Descriptor deprecated 

func (*ExtractAuthTokensResponse) Descriptor() ([]byte, []int)

Deprecated: Use ExtractAuthTokensResponse.ProtoReflect.Descriptor instead.

func (*ExtractAuthTokensResponse) GetTokens 

func (x *ExtractAuthTokensResponse) GetTokens() []*TokenInfo

func (*ExtractAuthTokensResponse) MarshalLogObject 

func (x *ExtractAuthTokensResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*ExtractAuthTokensResponse) ProtoMessage 

func (*ExtractAuthTokensResponse) ProtoMessage()

func (*ExtractAuthTokensResponse) ProtoReflect added in v2.7.0 

func (x *ExtractAuthTokensResponse) ProtoReflect() protoreflect.Message

func (*ExtractAuthTokensResponse) Reset 

func (x *ExtractAuthTokensResponse) Reset()

func (*ExtractAuthTokensResponse) String 

func (x *ExtractAuthTokensResponse) String() string

type GetConfigurationRequest 

type GetConfigurationRequest struct {
	// contains filtered or unexported fields
}

func (*GetConfigurationRequest) Descriptor deprecated 

func (*GetConfigurationRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetConfigurationRequest.ProtoReflect.Descriptor instead.

func (*GetConfigurationRequest) MarshalLogObject 

func (x *GetConfigurationRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetConfigurationRequest) ProtoMessage 

func (*GetConfigurationRequest) ProtoMessage()

func (*GetConfigurationRequest) ProtoReflect added in v2.7.0 

func (x *GetConfigurationRequest) ProtoReflect() protoreflect.Message

func (*GetConfigurationRequest) Reset 

func (x *GetConfigurationRequest) Reset()

func (*GetConfigurationRequest) String 

func (x *GetConfigurationRequest) String() string

type GetConfigurationResponse 

type GetConfigurationResponse struct {
	Configuration *OIDCConfig `protobuf:"bytes,1,opt,name=configuration,proto3" json:"configuration,omitempty"`
	// contains filtered or unexported fields
}

func (*GetConfigurationResponse) Descriptor deprecated 

func (*GetConfigurationResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetConfigurationResponse.ProtoReflect.Descriptor instead.

func (*GetConfigurationResponse) GetConfiguration 

func (x *GetConfigurationResponse) GetConfiguration() *OIDCConfig

func (*GetConfigurationResponse) MarshalLogObject 

func (x *GetConfigurationResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetConfigurationResponse) ProtoMessage 

func (*GetConfigurationResponse) ProtoMessage()

func (*GetConfigurationResponse) ProtoReflect added in v2.7.0 

func (x *GetConfigurationResponse) ProtoReflect() protoreflect.Message

func (*GetConfigurationResponse) Reset 

func (x *GetConfigurationResponse) Reset()

func (*GetConfigurationResponse) String 

func (x *GetConfigurationResponse) String() string

type GetGroupsForPrincipalRequest 

type GetGroupsForPrincipalRequest struct {
	Principal string `protobuf:"bytes,1,opt,name=principal,proto3" json:"principal,omitempty"`
	// contains filtered or unexported fields
}

func (*GetGroupsForPrincipalRequest) Descriptor deprecated 

func (*GetGroupsForPrincipalRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetGroupsForPrincipalRequest.ProtoReflect.Descriptor instead.

func (*GetGroupsForPrincipalRequest) GetPrincipal 

func (x *GetGroupsForPrincipalRequest) GetPrincipal() string

func (*GetGroupsForPrincipalRequest) MarshalLogObject 

func (x *GetGroupsForPrincipalRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetGroupsForPrincipalRequest) ProtoMessage 

func (*GetGroupsForPrincipalRequest) ProtoMessage()

func (*GetGroupsForPrincipalRequest) ProtoReflect added in v2.7.0 

func (x *GetGroupsForPrincipalRequest) ProtoReflect() protoreflect.Message

func (*GetGroupsForPrincipalRequest) Reset 

func (x *GetGroupsForPrincipalRequest) Reset()

func (*GetGroupsForPrincipalRequest) String 

func (x *GetGroupsForPrincipalRequest) String() string

type GetGroupsRequest 

type GetGroupsRequest struct {
	// contains filtered or unexported fields
}

func (*GetGroupsRequest) Descriptor deprecated 

func (*GetGroupsRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetGroupsRequest.ProtoReflect.Descriptor instead.

func (*GetGroupsRequest) MarshalLogObject 

func (x *GetGroupsRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetGroupsRequest) ProtoMessage 

func (*GetGroupsRequest) ProtoMessage()

func (*GetGroupsRequest) ProtoReflect added in v2.7.0 

func (x *GetGroupsRequest) ProtoReflect() protoreflect.Message

func (*GetGroupsRequest) Reset 

func (x *GetGroupsRequest) Reset()

func (*GetGroupsRequest) String 

func (x *GetGroupsRequest) String() string

type GetGroupsResponse 

type GetGroupsResponse struct {
	Groups []string `protobuf:"bytes,1,rep,name=groups,proto3" json:"groups,omitempty"`
	// contains filtered or unexported fields
}

func (*GetGroupsResponse) Descriptor deprecated 

func (*GetGroupsResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetGroupsResponse.ProtoReflect.Descriptor instead.

func (*GetGroupsResponse) GetGroups 

func (x *GetGroupsResponse) GetGroups() []string

func (*GetGroupsResponse) MarshalLogObject 

func (x *GetGroupsResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetGroupsResponse) ProtoMessage 

func (*GetGroupsResponse) ProtoMessage()

func (*GetGroupsResponse) ProtoReflect added in v2.7.0 

func (x *GetGroupsResponse) ProtoReflect() protoreflect.Message

func (*GetGroupsResponse) Reset 

func (x *GetGroupsResponse) Reset()

func (*GetGroupsResponse) String 

func (x *GetGroupsResponse) String() string

type GetOIDCLoginRequest 

type GetOIDCLoginRequest struct {
	// contains filtered or unexported fields
}

func (*GetOIDCLoginRequest) Descriptor deprecated 

func (*GetOIDCLoginRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetOIDCLoginRequest.ProtoReflect.Descriptor instead.

func (*GetOIDCLoginRequest) MarshalLogObject 

func (x *GetOIDCLoginRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetOIDCLoginRequest) ProtoMessage 

func (*GetOIDCLoginRequest) ProtoMessage()

func (*GetOIDCLoginRequest) ProtoReflect added in v2.7.0 

func (x *GetOIDCLoginRequest) ProtoReflect() protoreflect.Message

func (*GetOIDCLoginRequest) Reset 

func (x *GetOIDCLoginRequest) Reset()

func (*GetOIDCLoginRequest) String 

func (x *GetOIDCLoginRequest) String() string

type GetOIDCLoginResponse 

type GetOIDCLoginResponse struct {

	// The login URL generated for the OIDC object
	LoginUrl string `protobuf:"bytes,1,opt,name=login_url,json=loginUrl,proto3" json:"login_url,omitempty"`
	State    string `protobuf:"bytes,2,opt,name=state,proto3" json:"state,omitempty"`
	// contains filtered or unexported fields
}

func (*GetOIDCLoginResponse) Descriptor deprecated 

func (*GetOIDCLoginResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetOIDCLoginResponse.ProtoReflect.Descriptor instead.

func (*GetOIDCLoginResponse) GetLoginUrl added in v2.7.0 

func (x *GetOIDCLoginResponse) GetLoginUrl() string

func (*GetOIDCLoginResponse) GetState 

func (x *GetOIDCLoginResponse) GetState() string

func (*GetOIDCLoginResponse) MarshalLogObject 

func (x *GetOIDCLoginResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetOIDCLoginResponse) ProtoMessage 

func (*GetOIDCLoginResponse) ProtoMessage()

func (*GetOIDCLoginResponse) ProtoReflect added in v2.7.0 

func (x *GetOIDCLoginResponse) ProtoReflect() protoreflect.Message

func (*GetOIDCLoginResponse) Reset 

func (x *GetOIDCLoginResponse) Reset()

func (*GetOIDCLoginResponse) String 

func (x *GetOIDCLoginResponse) String() string

type GetPermissionsForPrincipalRequest 

type GetPermissionsForPrincipalRequest struct {
	Resource  *Resource `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"`
	Principal string    `protobuf:"bytes,2,opt,name=principal,proto3" json:"principal,omitempty"`
	// contains filtered or unexported fields
}

GetPermissionsForPrincipal evaluates an arbitrary principal's permissions on a resource

func (*GetPermissionsForPrincipalRequest) Descriptor deprecated 

func (*GetPermissionsForPrincipalRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetPermissionsForPrincipalRequest.ProtoReflect.Descriptor instead.

func (*GetPermissionsForPrincipalRequest) GetPrincipal 

func (x *GetPermissionsForPrincipalRequest) GetPrincipal() string

func (*GetPermissionsForPrincipalRequest) GetResource 

func (x *GetPermissionsForPrincipalRequest) GetResource() *Resource

func (*GetPermissionsForPrincipalRequest) MarshalLogObject 

func (x *GetPermissionsForPrincipalRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetPermissionsForPrincipalRequest) ProtoMessage 

func (*GetPermissionsForPrincipalRequest) ProtoMessage()

func (*GetPermissionsForPrincipalRequest) ProtoReflect added in v2.7.0 

func (x *GetPermissionsForPrincipalRequest) ProtoReflect() protoreflect.Message

func (*GetPermissionsForPrincipalRequest) Reset 

func (x *GetPermissionsForPrincipalRequest) Reset()

func (*GetPermissionsForPrincipalRequest) String 

func (x *GetPermissionsForPrincipalRequest) String() string

type GetPermissionsRequest 

type GetPermissionsRequest struct {
	Resource *Resource `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"`
	// contains filtered or unexported fields
}

GetPermissions evaluates the current user's permissions on a resource

func (*GetPermissionsRequest) Descriptor deprecated 

func (*GetPermissionsRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetPermissionsRequest.ProtoReflect.Descriptor instead.

func (*GetPermissionsRequest) GetResource 

func (x *GetPermissionsRequest) GetResource() *Resource

func (*GetPermissionsRequest) MarshalLogObject 

func (x *GetPermissionsRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetPermissionsRequest) ProtoMessage 

func (*GetPermissionsRequest) ProtoMessage()

func (*GetPermissionsRequest) ProtoReflect added in v2.7.0 

func (x *GetPermissionsRequest) ProtoReflect() protoreflect.Message

func (*GetPermissionsRequest) Reset 

func (x *GetPermissionsRequest) Reset()

func (*GetPermissionsRequest) String 

func (x *GetPermissionsRequest) String() string

type GetPermissionsResponse 

type GetPermissionsResponse struct {

	// permissions is the set of permissions the principal has
	Permissions []Permission `protobuf:"varint,1,rep,packed,name=permissions,proto3,enum=auth_v2.Permission" json:"permissions,omitempty"`
	// roles is the set of roles the principal has
	Roles []string `protobuf:"bytes,2,rep,name=roles,proto3" json:"roles,omitempty"`
	// contains filtered or unexported fields
}

func (*GetPermissionsResponse) Descriptor deprecated 

func (*GetPermissionsResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetPermissionsResponse.ProtoReflect.Descriptor instead.

func (*GetPermissionsResponse) GetPermissions 

func (x *GetPermissionsResponse) GetPermissions() []Permission

func (*GetPermissionsResponse) GetRoles 

func (x *GetPermissionsResponse) GetRoles() []string

func (*GetPermissionsResponse) MarshalLogObject 

func (x *GetPermissionsResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetPermissionsResponse) ProtoMessage 

func (*GetPermissionsResponse) ProtoMessage()

func (*GetPermissionsResponse) ProtoReflect added in v2.7.0 

func (x *GetPermissionsResponse) ProtoReflect() protoreflect.Message

func (*GetPermissionsResponse) Reset 

func (x *GetPermissionsResponse) Reset()

func (*GetPermissionsResponse) String 

func (x *GetPermissionsResponse) String() string

type GetRobotTokenRequest 

type GetRobotTokenRequest struct {

	// The returned token will allow the caller to access resources as this
	// robot user
	Robot string `protobuf:"bytes,1,opt,name=robot,proto3" json:"robot,omitempty"`
	// ttl indicates the requested (approximate) remaining lifetime of this token,
	// in seconds
	Ttl int64 `protobuf:"varint,2,opt,name=ttl,proto3" json:"ttl,omitempty"`
	// contains filtered or unexported fields
}

func (*GetRobotTokenRequest) Descriptor deprecated 

func (*GetRobotTokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetRobotTokenRequest.ProtoReflect.Descriptor instead.

func (*GetRobotTokenRequest) GetRobot 

func (x *GetRobotTokenRequest) GetRobot() string

func (*GetRobotTokenRequest) GetTtl added in v2.7.0 

func (x *GetRobotTokenRequest) GetTtl() int64

func (*GetRobotTokenRequest) MarshalLogObject 

func (x *GetRobotTokenRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetRobotTokenRequest) ProtoMessage 

func (*GetRobotTokenRequest) ProtoMessage()

func (*GetRobotTokenRequest) ProtoReflect added in v2.7.0 

func (x *GetRobotTokenRequest) ProtoReflect() protoreflect.Message

func (*GetRobotTokenRequest) Reset 

func (x *GetRobotTokenRequest) Reset()

func (*GetRobotTokenRequest) String 

func (x *GetRobotTokenRequest) String() string

type GetRobotTokenResponse 

type GetRobotTokenResponse struct {

	// A new auth token for the requested robot
	Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	// contains filtered or unexported fields
}

func (*GetRobotTokenResponse) Descriptor deprecated 

func (*GetRobotTokenResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetRobotTokenResponse.ProtoReflect.Descriptor instead.

func (*GetRobotTokenResponse) GetToken 

func (x *GetRobotTokenResponse) GetToken() string

func (*GetRobotTokenResponse) MarshalLogObject 

func (x *GetRobotTokenResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetRobotTokenResponse) ProtoMessage 

func (*GetRobotTokenResponse) ProtoMessage()

func (*GetRobotTokenResponse) ProtoReflect added in v2.7.0 

func (x *GetRobotTokenResponse) ProtoReflect() protoreflect.Message

func (*GetRobotTokenResponse) Reset 

func (x *GetRobotTokenResponse) Reset()

func (*GetRobotTokenResponse) String 

func (x *GetRobotTokenResponse) String() string

type GetRoleBindingRequest 

type GetRoleBindingRequest struct {
	Resource *Resource `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"`
	// contains filtered or unexported fields
}

func (*GetRoleBindingRequest) Descriptor deprecated 

func (*GetRoleBindingRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetRoleBindingRequest.ProtoReflect.Descriptor instead.

func (*GetRoleBindingRequest) GetResource 

func (x *GetRoleBindingRequest) GetResource() *Resource

func (*GetRoleBindingRequest) MarshalLogObject 

func (x *GetRoleBindingRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetRoleBindingRequest) ProtoMessage 

func (*GetRoleBindingRequest) ProtoMessage()

func (*GetRoleBindingRequest) ProtoReflect added in v2.7.0 

func (x *GetRoleBindingRequest) ProtoReflect() protoreflect.Message

func (*GetRoleBindingRequest) Reset 

func (x *GetRoleBindingRequest) Reset()

func (*GetRoleBindingRequest) String 

func (x *GetRoleBindingRequest) String() string

type GetRoleBindingResponse 

type GetRoleBindingResponse struct {
	Binding *RoleBinding `protobuf:"bytes,1,opt,name=binding,proto3" json:"binding,omitempty"`
	// contains filtered or unexported fields
}

func (*GetRoleBindingResponse) Descriptor deprecated 

func (*GetRoleBindingResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetRoleBindingResponse.ProtoReflect.Descriptor instead.

func (*GetRoleBindingResponse) GetBinding 

func (x *GetRoleBindingResponse) GetBinding() *RoleBinding

func (*GetRoleBindingResponse) MarshalLogObject 

func (x *GetRoleBindingResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetRoleBindingResponse) ProtoMessage 

func (*GetRoleBindingResponse) ProtoMessage()

func (*GetRoleBindingResponse) ProtoReflect added in v2.7.0 

func (x *GetRoleBindingResponse) ProtoReflect() protoreflect.Message

func (*GetRoleBindingResponse) Reset 

func (x *GetRoleBindingResponse) Reset()

func (*GetRoleBindingResponse) String 

func (x *GetRoleBindingResponse) String() string

type GetRolesForPermissionRequest 

type GetRolesForPermissionRequest struct {
	Permission Permission `protobuf:"varint,1,opt,name=permission,proto3,enum=auth_v2.Permission" json:"permission,omitempty"`
	// contains filtered or unexported fields
}

func (*GetRolesForPermissionRequest) Descriptor deprecated 

func (*GetRolesForPermissionRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetRolesForPermissionRequest.ProtoReflect.Descriptor instead.

func (*GetRolesForPermissionRequest) GetPermission 

func (x *GetRolesForPermissionRequest) GetPermission() Permission

func (*GetRolesForPermissionRequest) MarshalLogObject 

func (x *GetRolesForPermissionRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetRolesForPermissionRequest) ProtoMessage 

func (*GetRolesForPermissionRequest) ProtoMessage()

func (*GetRolesForPermissionRequest) ProtoReflect added in v2.7.0 

func (x *GetRolesForPermissionRequest) ProtoReflect() protoreflect.Message

func (*GetRolesForPermissionRequest) Reset 

func (x *GetRolesForPermissionRequest) Reset()

func (*GetRolesForPermissionRequest) String 

func (x *GetRolesForPermissionRequest) String() string

type GetRolesForPermissionResponse 

type GetRolesForPermissionResponse struct {
	Roles []*Role `protobuf:"bytes,1,rep,name=roles,proto3" json:"roles,omitempty"`
	// contains filtered or unexported fields
}

func (*GetRolesForPermissionResponse) Descriptor deprecated 

func (*GetRolesForPermissionResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetRolesForPermissionResponse.ProtoReflect.Descriptor instead.

func (*GetRolesForPermissionResponse) GetRoles 

func (x *GetRolesForPermissionResponse) GetRoles() []*Role

func (*GetRolesForPermissionResponse) MarshalLogObject 

func (x *GetRolesForPermissionResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetRolesForPermissionResponse) ProtoMessage 

func (*GetRolesForPermissionResponse) ProtoMessage()

func (*GetRolesForPermissionResponse) ProtoReflect added in v2.7.0 

func (x *GetRolesForPermissionResponse) ProtoReflect() protoreflect.Message

func (*GetRolesForPermissionResponse) Reset 

func (x *GetRolesForPermissionResponse) Reset()

func (*GetRolesForPermissionResponse) String 

func (x *GetRolesForPermissionResponse) String() string

type GetUsersRequest 

type GetUsersRequest struct {
	Group string `protobuf:"bytes,1,opt,name=group,proto3" json:"group,omitempty"`
	// contains filtered or unexported fields
}

func (*GetUsersRequest) Descriptor deprecated 

func (*GetUsersRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetUsersRequest.ProtoReflect.Descriptor instead.

func (*GetUsersRequest) GetGroup 

func (x *GetUsersRequest) GetGroup() string

func (*GetUsersRequest) MarshalLogObject 

func (x *GetUsersRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetUsersRequest) ProtoMessage 

func (*GetUsersRequest) ProtoMessage()

func (*GetUsersRequest) ProtoReflect added in v2.7.0 

func (x *GetUsersRequest) ProtoReflect() protoreflect.Message

func (*GetUsersRequest) Reset 

func (x *GetUsersRequest) Reset()

func (*GetUsersRequest) String 

func (x *GetUsersRequest) String() string

type GetUsersResponse 

type GetUsersResponse struct {
	Usernames []string `protobuf:"bytes,1,rep,name=usernames,proto3" json:"usernames,omitempty"`
	// contains filtered or unexported fields
}

func (*GetUsersResponse) Descriptor deprecated 

func (*GetUsersResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetUsersResponse.ProtoReflect.Descriptor instead.

func (*GetUsersResponse) GetUsernames 

func (x *GetUsersResponse) GetUsernames() []string

func (*GetUsersResponse) MarshalLogObject 

func (x *GetUsersResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*GetUsersResponse) ProtoMessage 

func (*GetUsersResponse) ProtoMessage()

func (*GetUsersResponse) ProtoReflect added in v2.7.0 

func (x *GetUsersResponse) ProtoReflect() protoreflect.Message

func (*GetUsersResponse) Reset 

func (x *GetUsersResponse) Reset()

func (*GetUsersResponse) String 

func (x *GetUsersResponse) String() string

type Groups 

type Groups struct {
	Groups map[string]bool `` /* 154-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*Groups) Descriptor deprecated 

func (*Groups) Descriptor() ([]byte, []int)

Deprecated: Use Groups.ProtoReflect.Descriptor instead.

func (*Groups) GetGroups 

func (x *Groups) GetGroups() map[string]bool

func (*Groups) MarshalLogObject 

func (x *Groups) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*Groups) ProtoMessage 

func (*Groups) ProtoMessage()

func (*Groups) ProtoReflect added in v2.7.0 

func (x *Groups) ProtoReflect() protoreflect.Message

func (*Groups) Reset 

func (x *Groups) Reset()

func (*Groups) String 

func (x *Groups) String() string

type ModifyMembersRequest 

type ModifyMembersRequest struct {
	Group  string   `protobuf:"bytes,1,opt,name=group,proto3" json:"group,omitempty"`
	Add    []string `protobuf:"bytes,2,rep,name=add,proto3" json:"add,omitempty"`
	Remove []string `protobuf:"bytes,3,rep,name=remove,proto3" json:"remove,omitempty"`
	// contains filtered or unexported fields
}

func (*ModifyMembersRequest) Descriptor deprecated 

func (*ModifyMembersRequest) Descriptor() ([]byte, []int)

Deprecated: Use ModifyMembersRequest.ProtoReflect.Descriptor instead.

func (*ModifyMembersRequest) GetAdd 

func (x *ModifyMembersRequest) GetAdd() []string

func (*ModifyMembersRequest) GetGroup 

func (x *ModifyMembersRequest) GetGroup() string

func (*ModifyMembersRequest) GetRemove 

func (x *ModifyMembersRequest) GetRemove() []string

func (*ModifyMembersRequest) MarshalLogObject 

func (x *ModifyMembersRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*ModifyMembersRequest) ProtoMessage 

func (*ModifyMembersRequest) ProtoMessage()

func (*ModifyMembersRequest) ProtoReflect added in v2.7.0 

func (x *ModifyMembersRequest) ProtoReflect() protoreflect.Message

func (*ModifyMembersRequest) Reset 

func (x *ModifyMembersRequest) Reset()

func (*ModifyMembersRequest) String 

func (x *ModifyMembersRequest) String() string

type ModifyMembersResponse 

type ModifyMembersResponse struct {
	// contains filtered or unexported fields
}

func (*ModifyMembersResponse) Descriptor deprecated 

func (*ModifyMembersResponse) Descriptor() ([]byte, []int)

Deprecated: Use ModifyMembersResponse.ProtoReflect.Descriptor instead.

func (*ModifyMembersResponse) MarshalLogObject 

func (x *ModifyMembersResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*ModifyMembersResponse) ProtoMessage 

func (*ModifyMembersResponse) ProtoMessage()

func (*ModifyMembersResponse) ProtoReflect added in v2.7.0 

func (x *ModifyMembersResponse) ProtoReflect() protoreflect.Message

func (*ModifyMembersResponse) Reset 

func (x *ModifyMembersResponse) Reset()

func (*ModifyMembersResponse) String 

func (x *ModifyMembersResponse) String() string

type ModifyRoleBindingRequest 

type ModifyRoleBindingRequest struct {

	// resource is the resource to modify the role bindings on
	Resource *Resource `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"`
	// principal is the principal to modify the roles binding for
	Principal string `protobuf:"bytes,2,opt,name=principal,proto3" json:"principal,omitempty"`
	// roles is the set of roles for principal - an empty list
	// removes all role bindings
	Roles []string `protobuf:"bytes,3,rep,name=roles,proto3" json:"roles,omitempty"`
	// contains filtered or unexported fields
}

func (*ModifyRoleBindingRequest) Descriptor deprecated 

func (*ModifyRoleBindingRequest) Descriptor() ([]byte, []int)

Deprecated: Use ModifyRoleBindingRequest.ProtoReflect.Descriptor instead.

func (*ModifyRoleBindingRequest) GetPrincipal 

func (x *ModifyRoleBindingRequest) GetPrincipal() string

func (*ModifyRoleBindingRequest) GetResource 

func (x *ModifyRoleBindingRequest) GetResource() *Resource

func (*ModifyRoleBindingRequest) GetRoles 

func (x *ModifyRoleBindingRequest) GetRoles() []string

func (*ModifyRoleBindingRequest) MarshalLogObject 

func (x *ModifyRoleBindingRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*ModifyRoleBindingRequest) ProtoMessage 

func (*ModifyRoleBindingRequest) ProtoMessage()

func (*ModifyRoleBindingRequest) ProtoReflect added in v2.7.0 

func (x *ModifyRoleBindingRequest) ProtoReflect() protoreflect.Message

func (*ModifyRoleBindingRequest) Reset 

func (x *ModifyRoleBindingRequest) Reset()

func (*ModifyRoleBindingRequest) String 

func (x *ModifyRoleBindingRequest) String() string

type ModifyRoleBindingResponse 

type ModifyRoleBindingResponse struct {
	// contains filtered or unexported fields
}

func (*ModifyRoleBindingResponse) Descriptor deprecated 

func (*ModifyRoleBindingResponse) Descriptor() ([]byte, []int)

Deprecated: Use ModifyRoleBindingResponse.ProtoReflect.Descriptor instead.

func (*ModifyRoleBindingResponse) MarshalLogObject 

func (x *ModifyRoleBindingResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*ModifyRoleBindingResponse) ProtoMessage 

func (*ModifyRoleBindingResponse) ProtoMessage()

func (*ModifyRoleBindingResponse) ProtoReflect added in v2.7.0 

func (x *ModifyRoleBindingResponse) ProtoReflect() protoreflect.Message

func (*ModifyRoleBindingResponse) Reset 

func (x *ModifyRoleBindingResponse) Reset()

func (*ModifyRoleBindingResponse) String 

func (x *ModifyRoleBindingResponse) String() string

type OIDCConfig 

type OIDCConfig struct {
	Issuer               string   `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"`
	ClientId             string   `protobuf:"bytes,2,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	ClientSecret         string   `protobuf:"bytes,3,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"`
	RedirectUri          string   `protobuf:"bytes,4,opt,name=redirect_uri,json=redirectUri,proto3" json:"redirect_uri,omitempty"`
	Scopes               []string `protobuf:"bytes,5,rep,name=scopes,proto3" json:"scopes,omitempty"`
	RequireEmailVerified bool     `protobuf:"varint,6,opt,name=require_email_verified,json=requireEmailVerified,proto3" json:"require_email_verified,omitempty"`
	// localhost_issuer ignores the contents of the issuer claim and makes all
	// OIDC requests to the embedded OIDC provider. This is necessary to support
	// some network configurations like Minikube.
	LocalhostIssuer bool `protobuf:"varint,7,opt,name=localhost_issuer,json=localhostIssuer,proto3" json:"localhost_issuer,omitempty"`
	// user_accessible_issuer_host can be set to override the host used
	// in the OAuth2 authorization URL in case the OIDC issuer isn't
	// accessible outside the cluster. This requires a fully formed URL with scheme of either http or https.
	// This is necessary to support some configurations like Minikube.
	UserAccessibleIssuerHost string `` /* 137-byte string literal not displayed */
	// contains filtered or unexported fields
}

Configure Pachyderm's auth system with an OIDC provider

func (*OIDCConfig) Descriptor deprecated 

func (*OIDCConfig) Descriptor() ([]byte, []int)

Deprecated: Use OIDCConfig.ProtoReflect.Descriptor instead.

func (*OIDCConfig) GetClientId added in v2.7.0 

func (x *OIDCConfig) GetClientId() string

func (*OIDCConfig) GetClientSecret 

func (x *OIDCConfig) GetClientSecret() string

func (*OIDCConfig) GetIssuer 

func (x *OIDCConfig) GetIssuer() string

func (*OIDCConfig) GetLocalhostIssuer 

func (x *OIDCConfig) GetLocalhostIssuer() bool

func (*OIDCConfig) GetRedirectUri added in v2.7.0 

func (x *OIDCConfig) GetRedirectUri() string

func (*OIDCConfig) GetRequireEmailVerified 

func (x *OIDCConfig) GetRequireEmailVerified() bool

func (*OIDCConfig) GetScopes 

func (x *OIDCConfig) GetScopes() []string

func (*OIDCConfig) GetUserAccessibleIssuerHost 

func (x *OIDCConfig) GetUserAccessibleIssuerHost() string

func (*OIDCConfig) MarshalLogObject 

func (x *OIDCConfig) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*OIDCConfig) ProtoMessage 

func (*OIDCConfig) ProtoMessage()

func (*OIDCConfig) ProtoReflect added in v2.7.0 

func (x *OIDCConfig) ProtoReflect() protoreflect.Message

func (*OIDCConfig) Reset 

func (x *OIDCConfig) Reset()

func (*OIDCConfig) String 

func (x *OIDCConfig) String() string

type Permission 

type Permission int32

Permission represents the ability to perform a given operation on a Resource 

const (
	Permission_PERMISSION_UNKNOWN                         Permission = 0
	Permission_CLUSTER_MODIFY_BINDINGS                    Permission = 100
	Permission_CLUSTER_GET_BINDINGS                       Permission = 101
	Permission_CLUSTER_GET_PACHD_LOGS                     Permission = 148
	Permission_CLUSTER_GET_LOKI_LOGS                      Permission = 150
	Permission_CLUSTER_AUTH_ACTIVATE                      Permission = 102
	Permission_CLUSTER_AUTH_DEACTIVATE                    Permission = 103
	Permission_CLUSTER_AUTH_GET_CONFIG                    Permission = 104
	Permission_CLUSTER_AUTH_SET_CONFIG                    Permission = 105
	Permission_CLUSTER_AUTH_GET_ROBOT_TOKEN               Permission = 139
	Permission_CLUSTER_AUTH_MODIFY_GROUP_MEMBERS          Permission = 109
	Permission_CLUSTER_AUTH_GET_GROUPS                    Permission = 110
	Permission_CLUSTER_AUTH_GET_GROUP_USERS               Permission = 111
	Permission_CLUSTER_AUTH_EXTRACT_TOKENS                Permission = 112
	Permission_CLUSTER_AUTH_RESTORE_TOKEN                 Permission = 113
	Permission_CLUSTER_AUTH_GET_PERMISSIONS_FOR_PRINCIPAL Permission = 141
	Permission_CLUSTER_AUTH_DELETE_EXPIRED_TOKENS         Permission = 140
	Permission_CLUSTER_AUTH_REVOKE_USER_TOKENS            Permission = 142
	Permission_CLUSTER_AUTH_ROTATE_ROOT_TOKEN             Permission = 147
	Permission_CLUSTER_ENTERPRISE_ACTIVATE                Permission = 114
	Permission_CLUSTER_ENTERPRISE_HEARTBEAT               Permission = 115
	Permission_CLUSTER_ENTERPRISE_GET_CODE                Permission = 116
	Permission_CLUSTER_ENTERPRISE_DEACTIVATE              Permission = 117
	Permission_CLUSTER_ENTERPRISE_PAUSE                   Permission = 149
	Permission_CLUSTER_IDENTITY_SET_CONFIG                Permission = 118
	Permission_CLUSTER_IDENTITY_GET_CONFIG                Permission = 119
	Permission_CLUSTER_IDENTITY_CREATE_IDP                Permission = 120
	Permission_CLUSTER_IDENTITY_UPDATE_IDP                Permission = 121
	Permission_CLUSTER_IDENTITY_LIST_IDPS                 Permission = 122
	Permission_CLUSTER_IDENTITY_GET_IDP                   Permission = 123
	Permission_CLUSTER_IDENTITY_DELETE_IDP                Permission = 124
	Permission_CLUSTER_IDENTITY_CREATE_OIDC_CLIENT        Permission = 125
	Permission_CLUSTER_IDENTITY_UPDATE_OIDC_CLIENT        Permission = 126
	Permission_CLUSTER_IDENTITY_LIST_OIDC_CLIENTS         Permission = 127
	Permission_CLUSTER_IDENTITY_GET_OIDC_CLIENT           Permission = 128
	Permission_CLUSTER_IDENTITY_DELETE_OIDC_CLIENT        Permission = 129
	Permission_CLUSTER_DEBUG_DUMP                         Permission = 131
	Permission_CLUSTER_LICENSE_ACTIVATE                   Permission = 132
	Permission_CLUSTER_LICENSE_GET_CODE                   Permission = 133
	Permission_CLUSTER_LICENSE_ADD_CLUSTER                Permission = 134
	Permission_CLUSTER_LICENSE_UPDATE_CLUSTER             Permission = 135
	Permission_CLUSTER_LICENSE_DELETE_CLUSTER             Permission = 136
	Permission_CLUSTER_LICENSE_LIST_CLUSTERS              Permission = 137
	// TODO(actgardner): Make k8s secrets into nouns and add an Update RPC
	Permission_CLUSTER_CREATE_SECRET       Permission = 143
	Permission_CLUSTER_LIST_SECRETS        Permission = 144
	Permission_SECRET_DELETE               Permission = 145
	Permission_SECRET_INSPECT              Permission = 146
	Permission_CLUSTER_DELETE_ALL          Permission = 138
	Permission_REPO_READ                   Permission = 200
	Permission_REPO_WRITE                  Permission = 201
	Permission_REPO_MODIFY_BINDINGS        Permission = 202
	Permission_REPO_DELETE                 Permission = 203
	Permission_REPO_INSPECT_COMMIT         Permission = 204
	Permission_REPO_LIST_COMMIT            Permission = 205
	Permission_REPO_DELETE_COMMIT          Permission = 206
	Permission_REPO_CREATE_BRANCH          Permission = 207
	Permission_REPO_LIST_BRANCH            Permission = 208
	Permission_REPO_DELETE_BRANCH          Permission = 209
	Permission_REPO_INSPECT_FILE           Permission = 210
	Permission_REPO_LIST_FILE              Permission = 211
	Permission_REPO_ADD_PIPELINE_READER    Permission = 212
	Permission_REPO_REMOVE_PIPELINE_READER Permission = 213
	Permission_REPO_ADD_PIPELINE_WRITER    Permission = 214
	Permission_PIPELINE_LIST_JOB           Permission = 301
	Permission_PROJECT_CREATE              Permission = 400
	Permission_PROJECT_DELETE              Permission = 401
	Permission_PROJECT_LIST_REPO           Permission = 402
	Permission_PROJECT_CREATE_REPO         Permission = 403
	Permission_PROJECT_MODIFY_BINDINGS     Permission = 404
)

func (Permission) Descriptor added in v2.7.0 

func (Permission) Descriptor() protoreflect.EnumDescriptor

func (Permission) Enum added in v2.7.0 

func (x Permission) Enum() *Permission

func (Permission) EnumDescriptor deprecated 

func (Permission) EnumDescriptor() ([]byte, []int)

Deprecated: Use Permission.Descriptor instead.

func (Permission) Number added in v2.7.0 

func (x Permission) Number() protoreflect.EnumNumber

func (Permission) String 

func (x Permission) String() string

func (Permission) Type added in v2.7.0 

func (Permission) Type() protoreflect.EnumType

type Resource 

type Resource struct {
	Type ResourceType `protobuf:"varint,1,opt,name=type,proto3,enum=auth_v2.ResourceType" json:"type,omitempty"`
	Name string       `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Resource represents any resource that has role-bindings in the system

func (*Resource) Descriptor deprecated 

func (*Resource) Descriptor() ([]byte, []int)

Deprecated: Use Resource.ProtoReflect.Descriptor instead.

func (*Resource) GetName 

func (x *Resource) GetName() string

func (*Resource) GetType 

func (x *Resource) GetType() ResourceType

func (*Resource) MarshalLogObject 

func (x *Resource) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*Resource) ProtoMessage 

func (*Resource) ProtoMessage()

func (*Resource) ProtoReflect added in v2.7.0 

func (x *Resource) ProtoReflect() protoreflect.Message

func (*Resource) Reset 

func (x *Resource) Reset()

func (*Resource) String 

func (x *Resource) String() string

type ResourceType 

type ResourceType int32

ResourceType represents the type of a Resource 

const (
	ResourceType_RESOURCE_TYPE_UNKNOWN ResourceType = 0
	ResourceType_CLUSTER               ResourceType = 1
	ResourceType_REPO                  ResourceType = 2
	ResourceType_SPEC_REPO             ResourceType = 3
	ResourceType_PROJECT               ResourceType = 4
)

func (ResourceType) Descriptor added in v2.7.0 

func (ResourceType) Descriptor() protoreflect.EnumDescriptor

func (ResourceType) Enum added in v2.7.0 

func (x ResourceType) Enum() *ResourceType

func (ResourceType) EnumDescriptor deprecated 

func (ResourceType) EnumDescriptor() ([]byte, []int)

Deprecated: Use ResourceType.Descriptor instead.

func (ResourceType) Number added in v2.7.0 

func (x ResourceType) Number() protoreflect.EnumNumber

func (ResourceType) String 

func (x ResourceType) String() string

func (ResourceType) Type added in v2.7.0 

func (ResourceType) Type() protoreflect.EnumType

type RestoreAuthTokenRequest 

type RestoreAuthTokenRequest struct {
	Token *TokenInfo `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	// contains filtered or unexported fields
}

RestoreAuthToken inserts a hashed token that has previously been extracted.

func (*RestoreAuthTokenRequest) Descriptor deprecated 

func (*RestoreAuthTokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use RestoreAuthTokenRequest.ProtoReflect.Descriptor instead.

func (*RestoreAuthTokenRequest) GetToken 

func (x *RestoreAuthTokenRequest) GetToken() *TokenInfo

func (*RestoreAuthTokenRequest) MarshalLogObject 

func (x *RestoreAuthTokenRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*RestoreAuthTokenRequest) ProtoMessage 

func (*RestoreAuthTokenRequest) ProtoMessage()

func (*RestoreAuthTokenRequest) ProtoReflect added in v2.7.0 

func (x *RestoreAuthTokenRequest) ProtoReflect() protoreflect.Message

func (*RestoreAuthTokenRequest) Reset 

func (x *RestoreAuthTokenRequest) Reset()

func (*RestoreAuthTokenRequest) String 

func (x *RestoreAuthTokenRequest) String() string

type RestoreAuthTokenResponse 

type RestoreAuthTokenResponse struct {
	// contains filtered or unexported fields
}

func (*RestoreAuthTokenResponse) Descriptor deprecated 

func (*RestoreAuthTokenResponse) Descriptor() ([]byte, []int)

Deprecated: Use RestoreAuthTokenResponse.ProtoReflect.Descriptor instead.

func (*RestoreAuthTokenResponse) MarshalLogObject 

func (x *RestoreAuthTokenResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*RestoreAuthTokenResponse) ProtoMessage 

func (*RestoreAuthTokenResponse) ProtoMessage()

func (*RestoreAuthTokenResponse) ProtoReflect added in v2.7.0 

func (x *RestoreAuthTokenResponse) ProtoReflect() protoreflect.Message

func (*RestoreAuthTokenResponse) Reset 

func (x *RestoreAuthTokenResponse) Reset()

func (*RestoreAuthTokenResponse) String 

func (x *RestoreAuthTokenResponse) String() string

type RevokeAuthTokenRequest 

type RevokeAuthTokenRequest struct {
	Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	// contains filtered or unexported fields
}

func (*RevokeAuthTokenRequest) Descriptor deprecated 

func (*RevokeAuthTokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use RevokeAuthTokenRequest.ProtoReflect.Descriptor instead.

func (*RevokeAuthTokenRequest) GetToken 

func (x *RevokeAuthTokenRequest) GetToken() string

func (*RevokeAuthTokenRequest) MarshalLogObject 

func (x *RevokeAuthTokenRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*RevokeAuthTokenRequest) ProtoMessage 

func (*RevokeAuthTokenRequest) ProtoMessage()

func (*RevokeAuthTokenRequest) ProtoReflect added in v2.7.0 

func (x *RevokeAuthTokenRequest) ProtoReflect() protoreflect.Message

func (*RevokeAuthTokenRequest) Reset 

func (x *RevokeAuthTokenRequest) Reset()

func (*RevokeAuthTokenRequest) String 

func (x *RevokeAuthTokenRequest) String() string

type RevokeAuthTokenResponse 

type RevokeAuthTokenResponse struct {
	Number int64 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"`
	// contains filtered or unexported fields
}

func (*RevokeAuthTokenResponse) Descriptor deprecated 

func (*RevokeAuthTokenResponse) Descriptor() ([]byte, []int)

Deprecated: Use RevokeAuthTokenResponse.ProtoReflect.Descriptor instead.

func (*RevokeAuthTokenResponse) GetNumber 

func (x *RevokeAuthTokenResponse) GetNumber() int64

func (*RevokeAuthTokenResponse) MarshalLogObject 

func (x *RevokeAuthTokenResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*RevokeAuthTokenResponse) ProtoMessage 

func (*RevokeAuthTokenResponse) ProtoMessage()

func (*RevokeAuthTokenResponse) ProtoReflect added in v2.7.0 

func (x *RevokeAuthTokenResponse) ProtoReflect() protoreflect.Message

func (*RevokeAuthTokenResponse) Reset 

func (x *RevokeAuthTokenResponse) Reset()

func (*RevokeAuthTokenResponse) String 

func (x *RevokeAuthTokenResponse) String() string

type RevokeAuthTokensForUserRequest 

type RevokeAuthTokensForUserRequest struct {
	Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
	// contains filtered or unexported fields
}

func (*RevokeAuthTokensForUserRequest) Descriptor deprecated 

func (*RevokeAuthTokensForUserRequest) Descriptor() ([]byte, []int)

Deprecated: Use RevokeAuthTokensForUserRequest.ProtoReflect.Descriptor instead.

func (*RevokeAuthTokensForUserRequest) GetUsername 

func (x *RevokeAuthTokensForUserRequest) GetUsername() string

func (*RevokeAuthTokensForUserRequest) MarshalLogObject 

func (x *RevokeAuthTokensForUserRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*RevokeAuthTokensForUserRequest) ProtoMessage 

func (*RevokeAuthTokensForUserRequest) ProtoMessage()

func (*RevokeAuthTokensForUserRequest) ProtoReflect added in v2.7.0 

func (x *RevokeAuthTokensForUserRequest) ProtoReflect() protoreflect.Message

func (*RevokeAuthTokensForUserRequest) Reset 

func (x *RevokeAuthTokensForUserRequest) Reset()

func (*RevokeAuthTokensForUserRequest) String 

func (x *RevokeAuthTokensForUserRequest) String() string

type RevokeAuthTokensForUserResponse 

type RevokeAuthTokensForUserResponse struct {
	Number int64 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"`
	// contains filtered or unexported fields
}

func (*RevokeAuthTokensForUserResponse) Descriptor deprecated 

func (*RevokeAuthTokensForUserResponse) Descriptor() ([]byte, []int)

Deprecated: Use RevokeAuthTokensForUserResponse.ProtoReflect.Descriptor instead.

func (*RevokeAuthTokensForUserResponse) GetNumber 

func (x *RevokeAuthTokensForUserResponse) GetNumber() int64

func (*RevokeAuthTokensForUserResponse) MarshalLogObject 

func (x *RevokeAuthTokensForUserResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*RevokeAuthTokensForUserResponse) ProtoMessage 

func (*RevokeAuthTokensForUserResponse) ProtoMessage()

func (*RevokeAuthTokensForUserResponse) ProtoReflect added in v2.7.0 

func (x *RevokeAuthTokensForUserResponse) ProtoReflect() protoreflect.Message

func (*RevokeAuthTokensForUserResponse) Reset 

func (x *RevokeAuthTokensForUserResponse) Reset()

func (*RevokeAuthTokensForUserResponse) String 

func (x *RevokeAuthTokensForUserResponse) String() string

type Role 

type Role struct {
	Name        string       `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	Permissions []Permission `protobuf:"varint,2,rep,packed,name=permissions,proto3,enum=auth_v2.Permission" json:"permissions,omitempty"`
	// Resources this role can be bound to.  For example, you can't apply clusterAdmin to a repo, so
	// REPO would not be listed here.
	CanBeBoundTo []ResourceType `` /* 135-byte string literal not displayed */
	// Resources this role is returned for.  For example, a principal might have clusterAdmin
	// permissions on the cluster, and this is what allows them to write to a repo.  So, clusterAdmin
	// is returned for the repo, even though it cannot be bound to a repo.
	ReturnedFor []ResourceType `` /* 128-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*Role) Descriptor deprecated 

func (*Role) Descriptor() ([]byte, []int)

Deprecated: Use Role.ProtoReflect.Descriptor instead.

func (*Role) GetCanBeBoundTo added in v2.6.4 

func (x *Role) GetCanBeBoundTo() []ResourceType

func (*Role) GetName 

func (x *Role) GetName() string

func (*Role) GetPermissions 

func (x *Role) GetPermissions() []Permission

func (*Role) GetReturnedFor added in v2.6.4 

func (x *Role) GetReturnedFor() []ResourceType

func (*Role) MarshalLogObject 

func (x *Role) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*Role) ProtoMessage 

func (*Role) ProtoMessage()

func (*Role) ProtoReflect added in v2.7.0 

func (x *Role) ProtoReflect() protoreflect.Message

func (*Role) Reset 

func (x *Role) Reset()

func (*Role) String 

func (x *Role) String() string

type RoleBinding 

type RoleBinding struct {

	// principal -> roles. All principal names include the structured prefix indicating their type.
	Entries map[string]*Roles `` /* 155-byte string literal not displayed */
	// contains filtered or unexported fields
}

RoleBinding represents the set of roles principals have on a given Resource

func (*RoleBinding) Descriptor deprecated 

func (*RoleBinding) Descriptor() ([]byte, []int)

Deprecated: Use RoleBinding.ProtoReflect.Descriptor instead.

func (*RoleBinding) GetEntries 

func (x *RoleBinding) GetEntries() map[string]*Roles

func (*RoleBinding) MarshalLogObject 

func (x *RoleBinding) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*RoleBinding) ProtoMessage 

func (*RoleBinding) ProtoMessage()

func (*RoleBinding) ProtoReflect added in v2.7.0 

func (x *RoleBinding) ProtoReflect() protoreflect.Message

func (*RoleBinding) Reset 

func (x *RoleBinding) Reset()

func (*RoleBinding) String 

func (x *RoleBinding) String() string

type Roles 

type Roles struct {
	Roles map[string]bool `` /* 152-byte string literal not displayed */
	// contains filtered or unexported fields
}

Roles represents the set of roles a principal has

func (*Roles) Descriptor deprecated 

func (*Roles) Descriptor() ([]byte, []int)

Deprecated: Use Roles.ProtoReflect.Descriptor instead.

func (*Roles) GetRoles 

func (x *Roles) GetRoles() map[string]bool

func (*Roles) MarshalLogObject 

func (x *Roles) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*Roles) ProtoMessage 

func (*Roles) ProtoMessage()

func (*Roles) ProtoReflect added in v2.7.0 

func (x *Roles) ProtoReflect() protoreflect.Message

func (*Roles) Reset 

func (x *Roles) Reset()

func (*Roles) String 

func (x *Roles) String() string

type RotateRootTokenRequest 

type RotateRootTokenRequest struct {

	// root_token is used as the new root token value. If it's unset, then a token will be auto-generated.
	RootToken string `protobuf:"bytes,1,opt,name=root_token,json=rootToken,proto3" json:"root_token,omitempty"`
	// contains filtered or unexported fields
}

func (*RotateRootTokenRequest) Descriptor deprecated 

func (*RotateRootTokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use RotateRootTokenRequest.ProtoReflect.Descriptor instead.

func (*RotateRootTokenRequest) GetRootToken 

func (x *RotateRootTokenRequest) GetRootToken() string

func (*RotateRootTokenRequest) MarshalLogObject 

func (x *RotateRootTokenRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*RotateRootTokenRequest) ProtoMessage 

func (*RotateRootTokenRequest) ProtoMessage()

func (*RotateRootTokenRequest) ProtoReflect added in v2.7.0 

func (x *RotateRootTokenRequest) ProtoReflect() protoreflect.Message

func (*RotateRootTokenRequest) Reset 

func (x *RotateRootTokenRequest) Reset()

func (*RotateRootTokenRequest) String 

func (x *RotateRootTokenRequest) String() string

type RotateRootTokenResponse 

type RotateRootTokenResponse struct {
	RootToken string `protobuf:"bytes,1,opt,name=root_token,json=rootToken,proto3" json:"root_token,omitempty"`
	// contains filtered or unexported fields
}

func (*RotateRootTokenResponse) Descriptor deprecated 

func (*RotateRootTokenResponse) Descriptor() ([]byte, []int)

Deprecated: Use RotateRootTokenResponse.ProtoReflect.Descriptor instead.

func (*RotateRootTokenResponse) GetRootToken 

func (x *RotateRootTokenResponse) GetRootToken() string

func (*RotateRootTokenResponse) MarshalLogObject 

func (x *RotateRootTokenResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*RotateRootTokenResponse) ProtoMessage 

func (*RotateRootTokenResponse) ProtoMessage()

func (*RotateRootTokenResponse) ProtoReflect added in v2.7.0 

func (x *RotateRootTokenResponse) ProtoReflect() protoreflect.Message

func (*RotateRootTokenResponse) Reset 

func (x *RotateRootTokenResponse) Reset()

func (*RotateRootTokenResponse) String 

func (x *RotateRootTokenResponse) String() string

type SessionInfo 

type SessionInfo struct {

	// nonce is used by /authorization-code/callback to validate session
	// continuity with the IdP after a user has arrived there from GetOIDCLogin().
	// This is a 30-character CSPRNG-generated string.
	Nonce string `protobuf:"bytes,1,opt,name=nonce,proto3" json:"nonce,omitempty"`
	// email contains the email adddress associated with a user in their OIDC ID
	// provider. Currently users are identified with their email address rather
	// than their OIDC subject identifier to make switching between OIDC ID
	// providers easier for users, and to make user identities more easily
	// comprehensible in Pachyderm. The OIDC spec doesn't require that users'
	// emails be present or unique, but we think this will be preferable in
	// practice.
	Email string `protobuf:"bytes,2,opt,name=email,proto3" json:"email,omitempty"`
	// conversion_err indicates whether an error was encountered while exchanging
	// an auth code for an access token, or while obtaining a user's email (in
	// /authorization-code/callback). Storing the error state here allows any
	// sibling calls to Authenticate() (i.e. using the same OIDC state token) to
	// notify their caller that an error has occurred. We avoid passing the caller
	// any details of the error (which are logged by Pachyderm) to avoid giving
	// information to a user who has network access to Pachyderm but not an
	// account in the OIDC provider.
	ConversionErr bool `protobuf:"varint,3,opt,name=conversion_err,json=conversionErr,proto3" json:"conversion_err,omitempty"`
	// contains filtered or unexported fields
}

SessionInfo stores information associated with one OIDC authentication session (i.e. a single instance of a single user logging in). Sessions are short-lived and stored in the 'oidc-authns' collection, keyed by the OIDC 'state' token (30-character CSPRNG-generated string). 'GetOIDCLogin' generates and inserts entries, then /authorization-code/callback retrieves an access token from the ID provider and uses it to retrive the caller's email and store it in 'email', and finally Authorize() returns a Pachyderm token identified with that email address as a subject in Pachyderm.

func (*SessionInfo) Descriptor deprecated 

func (*SessionInfo) Descriptor() ([]byte, []int)

Deprecated: Use SessionInfo.ProtoReflect.Descriptor instead.

func (*SessionInfo) GetConversionErr 

func (x *SessionInfo) GetConversionErr() bool

func (*SessionInfo) GetEmail 

func (x *SessionInfo) GetEmail() string

func (*SessionInfo) GetNonce 

func (x *SessionInfo) GetNonce() string

func (*SessionInfo) MarshalLogObject 

func (x *SessionInfo) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*SessionInfo) ProtoMessage 

func (*SessionInfo) ProtoMessage()

func (*SessionInfo) ProtoReflect added in v2.7.0 

func (x *SessionInfo) ProtoReflect() protoreflect.Message

func (*SessionInfo) Reset 

func (x *SessionInfo) Reset()

func (*SessionInfo) String 

func (x *SessionInfo) String() string

type SetConfigurationRequest 

type SetConfigurationRequest struct {
	Configuration *OIDCConfig `protobuf:"bytes,1,opt,name=configuration,proto3" json:"configuration,omitempty"`
	// contains filtered or unexported fields
}

func (*SetConfigurationRequest) Descriptor deprecated 

func (*SetConfigurationRequest) Descriptor() ([]byte, []int)

Deprecated: Use SetConfigurationRequest.ProtoReflect.Descriptor instead.

func (*SetConfigurationRequest) GetConfiguration 

func (x *SetConfigurationRequest) GetConfiguration() *OIDCConfig

func (*SetConfigurationRequest) MarshalLogObject 

func (x *SetConfigurationRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*SetConfigurationRequest) ProtoMessage 

func (*SetConfigurationRequest) ProtoMessage()

func (*SetConfigurationRequest) ProtoReflect added in v2.7.0 

func (x *SetConfigurationRequest) ProtoReflect() protoreflect.Message

func (*SetConfigurationRequest) Reset 

func (x *SetConfigurationRequest) Reset()

func (*SetConfigurationRequest) String 

func (x *SetConfigurationRequest) String() string

type SetConfigurationResponse 

type SetConfigurationResponse struct {
	// contains filtered or unexported fields
}

func (*SetConfigurationResponse) Descriptor deprecated 

func (*SetConfigurationResponse) Descriptor() ([]byte, []int)

Deprecated: Use SetConfigurationResponse.ProtoReflect.Descriptor instead.

func (*SetConfigurationResponse) MarshalLogObject 

func (x *SetConfigurationResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*SetConfigurationResponse) ProtoMessage 

func (*SetConfigurationResponse) ProtoMessage()

func (*SetConfigurationResponse) ProtoReflect added in v2.7.0 

func (x *SetConfigurationResponse) ProtoReflect() protoreflect.Message

func (*SetConfigurationResponse) Reset 

func (x *SetConfigurationResponse) Reset()

func (*SetConfigurationResponse) String 

func (x *SetConfigurationResponse) String() string

type SetGroupsForUserRequest 

type SetGroupsForUserRequest struct {
	Username string   `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
	Groups   []string `protobuf:"bytes,2,rep,name=groups,proto3" json:"groups,omitempty"`
	// contains filtered or unexported fields
}

func (*SetGroupsForUserRequest) Descriptor deprecated 

func (*SetGroupsForUserRequest) Descriptor() ([]byte, []int)

Deprecated: Use SetGroupsForUserRequest.ProtoReflect.Descriptor instead.

func (*SetGroupsForUserRequest) GetGroups 

func (x *SetGroupsForUserRequest) GetGroups() []string

func (*SetGroupsForUserRequest) GetUsername 

func (x *SetGroupsForUserRequest) GetUsername() string

func (*SetGroupsForUserRequest) MarshalLogObject 

func (x *SetGroupsForUserRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*SetGroupsForUserRequest) ProtoMessage 

func (*SetGroupsForUserRequest) ProtoMessage()

func (*SetGroupsForUserRequest) ProtoReflect added in v2.7.0 

func (x *SetGroupsForUserRequest) ProtoReflect() protoreflect.Message

func (*SetGroupsForUserRequest) Reset 

func (x *SetGroupsForUserRequest) Reset()

func (*SetGroupsForUserRequest) String 

func (x *SetGroupsForUserRequest) String() string

type SetGroupsForUserResponse 

type SetGroupsForUserResponse struct {
	// contains filtered or unexported fields
}

func (*SetGroupsForUserResponse) Descriptor deprecated 

func (*SetGroupsForUserResponse) Descriptor() ([]byte, []int)

Deprecated: Use SetGroupsForUserResponse.ProtoReflect.Descriptor instead.

func (*SetGroupsForUserResponse) MarshalLogObject 

func (x *SetGroupsForUserResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*SetGroupsForUserResponse) ProtoMessage 

func (*SetGroupsForUserResponse) ProtoMessage()

func (*SetGroupsForUserResponse) ProtoReflect added in v2.7.0 

func (x *SetGroupsForUserResponse) ProtoReflect() protoreflect.Message

func (*SetGroupsForUserResponse) Reset 

func (x *SetGroupsForUserResponse) Reset()

func (*SetGroupsForUserResponse) String 

func (x *SetGroupsForUserResponse) String() string

type TokenInfo 

type TokenInfo struct {

	// Subject (i.e. Pachyderm account) that a given token authorizes.
	// See the note at the top of the doc for an explanation of subject structure.
	Subject     string                 `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
	Expiration  *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=expiration,proto3" json:"expiration,omitempty"`
	HashedToken string                 `protobuf:"bytes,3,opt,name=hashed_token,json=hashedToken,proto3" json:"hashed_token,omitempty"`
	// contains filtered or unexported fields
}

TokenInfo is the 'value' of an auth token 'key' in the 'tokens' collection

func (*TokenInfo) Descriptor deprecated 

func (*TokenInfo) Descriptor() ([]byte, []int)

Deprecated: Use TokenInfo.ProtoReflect.Descriptor instead.

func (*TokenInfo) GetExpiration 

func (x *TokenInfo) GetExpiration() *timestamppb.Timestamp

func (*TokenInfo) GetHashedToken 

func (x *TokenInfo) GetHashedToken() string

func (*TokenInfo) GetSubject 

func (x *TokenInfo) GetSubject() string

func (*TokenInfo) MarshalLogObject 

func (x *TokenInfo) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*TokenInfo) ProtoMessage 

func (*TokenInfo) ProtoMessage()

func (*TokenInfo) ProtoReflect added in v2.7.0 

func (x *TokenInfo) ProtoReflect() protoreflect.Message

func (*TokenInfo) Reset 

func (x *TokenInfo) Reset()

func (*TokenInfo) String 

func (x *TokenInfo) String() string

type UnimplementedAPIServer 

type UnimplementedAPIServer struct {
}

UnimplementedAPIServer must be embedded to have forward compatible implementations.

func (UnimplementedAPIServer) Activate 

func (UnimplementedAPIServer) Activate(context.Context, *ActivateRequest) (*ActivateResponse, error)

func (UnimplementedAPIServer) Authenticate 

func (UnimplementedAPIServer) Authenticate(context.Context, *AuthenticateRequest) (*AuthenticateResponse, error)

func (UnimplementedAPIServer) Authorize 

func (UnimplementedAPIServer) Authorize(context.Context, *AuthorizeRequest) (*AuthorizeResponse, error)

func (UnimplementedAPIServer) Deactivate 

func (UnimplementedAPIServer) Deactivate(context.Context, *DeactivateRequest) (*DeactivateResponse, error)

func (UnimplementedAPIServer) DeleteExpiredAuthTokens 

func (UnimplementedAPIServer) DeleteExpiredAuthTokens(context.Context, *DeleteExpiredAuthTokensRequest) (*DeleteExpiredAuthTokensResponse, error)

func (UnimplementedAPIServer) ExtractAuthTokens 

func (UnimplementedAPIServer) ExtractAuthTokens(context.Context, *ExtractAuthTokensRequest) (*ExtractAuthTokensResponse, error)

func (UnimplementedAPIServer) GetConfiguration 

func (UnimplementedAPIServer) GetConfiguration(context.Context, *GetConfigurationRequest) (*GetConfigurationResponse, error)

func (UnimplementedAPIServer) GetGroups 

func (UnimplementedAPIServer) GetGroups(context.Context, *GetGroupsRequest) (*GetGroupsResponse, error)

func (UnimplementedAPIServer) GetGroupsForPrincipal 

func (UnimplementedAPIServer) GetGroupsForPrincipal(context.Context, *GetGroupsForPrincipalRequest) (*GetGroupsResponse, error)

func (UnimplementedAPIServer) GetOIDCLogin 

func (UnimplementedAPIServer) GetOIDCLogin(context.Context, *GetOIDCLoginRequest) (*GetOIDCLoginResponse, error)

func (UnimplementedAPIServer) GetPermissions 

func (UnimplementedAPIServer) GetPermissions(context.Context, *GetPermissionsRequest) (*GetPermissionsResponse, error)

func (UnimplementedAPIServer) GetPermissionsForPrincipal 

func (UnimplementedAPIServer) GetPermissionsForPrincipal(context.Context, *GetPermissionsForPrincipalRequest) (*GetPermissionsResponse, error)

func (UnimplementedAPIServer) GetRobotToken 

func (UnimplementedAPIServer) GetRobotToken(context.Context, *GetRobotTokenRequest) (*GetRobotTokenResponse, error)

func (UnimplementedAPIServer) GetRoleBinding 

func (UnimplementedAPIServer) GetRoleBinding(context.Context, *GetRoleBindingRequest) (*GetRoleBindingResponse, error)

func (UnimplementedAPIServer) GetRolesForPermission 

func (UnimplementedAPIServer) GetRolesForPermission(context.Context, *GetRolesForPermissionRequest) (*GetRolesForPermissionResponse, error)

func (UnimplementedAPIServer) GetUsers 

func (UnimplementedAPIServer) GetUsers(context.Context, *GetUsersRequest) (*GetUsersResponse, error)

func (UnimplementedAPIServer) ModifyMembers 

func (UnimplementedAPIServer) ModifyMembers(context.Context, *ModifyMembersRequest) (*ModifyMembersResponse, error)

func (UnimplementedAPIServer) ModifyRoleBinding 

func (UnimplementedAPIServer) ModifyRoleBinding(context.Context, *ModifyRoleBindingRequest) (*ModifyRoleBindingResponse, error)

func (UnimplementedAPIServer) RestoreAuthToken 

func (UnimplementedAPIServer) RestoreAuthToken(context.Context, *RestoreAuthTokenRequest) (*RestoreAuthTokenResponse, error)

func (UnimplementedAPIServer) RevokeAuthToken 

func (UnimplementedAPIServer) RevokeAuthToken(context.Context, *RevokeAuthTokenRequest) (*RevokeAuthTokenResponse, error)

func (UnimplementedAPIServer) RevokeAuthTokensForUser 

func (UnimplementedAPIServer) RevokeAuthTokensForUser(context.Context, *RevokeAuthTokensForUserRequest) (*RevokeAuthTokensForUserResponse, error)

func (UnimplementedAPIServer) RotateRootToken 

func (UnimplementedAPIServer) RotateRootToken(context.Context, *RotateRootTokenRequest) (*RotateRootTokenResponse, error)

func (UnimplementedAPIServer) SetConfiguration 

func (UnimplementedAPIServer) SetConfiguration(context.Context, *SetConfigurationRequest) (*SetConfigurationResponse, error)

func (UnimplementedAPIServer) SetGroupsForUser 

func (UnimplementedAPIServer) SetGroupsForUser(context.Context, *SetGroupsForUserRequest) (*SetGroupsForUserResponse, error)

func (UnimplementedAPIServer) WhoAmI 

func (UnimplementedAPIServer) WhoAmI(context.Context, *WhoAmIRequest) (*WhoAmIResponse, error)

type UnsafeAPIServer added in v2.7.0 

type UnsafeAPIServer interface {
	// contains filtered or unexported methods
}

UnsafeAPIServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to APIServer will result in compilation errors.

type Users 

type Users struct {
	Usernames map[string]bool `` /* 160-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*Users) Descriptor deprecated 

func (*Users) Descriptor() ([]byte, []int)

Deprecated: Use Users.ProtoReflect.Descriptor instead.

func (*Users) GetUsernames 

func (x *Users) GetUsernames() map[string]bool

func (*Users) MarshalLogObject 

func (x *Users) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*Users) ProtoMessage 

func (*Users) ProtoMessage()

func (*Users) ProtoReflect added in v2.7.0 

func (x *Users) ProtoReflect() protoreflect.Message

func (*Users) Reset 

func (x *Users) Reset()

func (*Users) String 

func (x *Users) String() string

type WhoAmIRequest 

type WhoAmIRequest struct {
	// contains filtered or unexported fields
}

func (*WhoAmIRequest) Descriptor deprecated 

func (*WhoAmIRequest) Descriptor() ([]byte, []int)

Deprecated: Use WhoAmIRequest.ProtoReflect.Descriptor instead.

func (*WhoAmIRequest) MarshalLogObject 

func (x *WhoAmIRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*WhoAmIRequest) ProtoMessage 

func (*WhoAmIRequest) ProtoMessage()

func (*WhoAmIRequest) ProtoReflect added in v2.7.0 

func (x *WhoAmIRequest) ProtoReflect() protoreflect.Message

func (*WhoAmIRequest) Reset 

func (x *WhoAmIRequest) Reset()

func (*WhoAmIRequest) String 

func (x *WhoAmIRequest) String() string

type WhoAmIResponse 

type WhoAmIResponse struct {
	Username   string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
	Expiration *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=expiration,proto3" json:"expiration,omitempty"`
	// contains filtered or unexported fields
}

func (*WhoAmIResponse) Descriptor deprecated 

func (*WhoAmIResponse) Descriptor() ([]byte, []int)

Deprecated: Use WhoAmIResponse.ProtoReflect.Descriptor instead.

func (*WhoAmIResponse) GetExpiration 

func (x *WhoAmIResponse) GetExpiration() *timestamppb.Timestamp

func (*WhoAmIResponse) GetUsername 

func (x *WhoAmIResponse) GetUsername() string

func (*WhoAmIResponse) MarshalLogObject 

func (x *WhoAmIResponse) MarshalLogObject(enc zapcore.ObjectEncoder) error

func (*WhoAmIResponse) ProtoMessage 

func (*WhoAmIResponse) ProtoMessage()

func (*WhoAmIResponse) ProtoReflect added in v2.7.0 

func (x *WhoAmIResponse) ProtoReflect() protoreflect.Message

func (*WhoAmIResponse) Reset 

func (x *WhoAmIResponse) Reset()

func (*WhoAmIResponse) String 

func (x *WhoAmIResponse) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.