api

package
Version: v0.0.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 7, 2022 License: MIT Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// ResourceLimits_Cachability_name maps each ResourceLimits_Cachability wire
// number to its enum name.
var ResourceLimits_Cachability_name = map[int32]string{
	0: "NONE",
	1: "USER",
	2: "REPL",
}

// ResourceLimits_Cachability_value is the inverse lookup, from enum name to
// wire number.
var ResourceLimits_Cachability_value = map[string]int32{
	"NONE": 0,
	"USER": 1,
	"REPL": 2,
}

Enum value maps for ResourceLimits_Cachability.

// ReplToken_Persistence_name maps each ReplToken_Persistence wire number to
// its enum name. Number 0 is PERSISTENT.
var ReplToken_Persistence_name = map[int32]string{
	0: "PERSISTENT",
	1: "EPHEMERAL",
	2: "NONE",
}

// ReplToken_Persistence_value is the inverse lookup, from enum name to wire
// number.
var ReplToken_Persistence_value = map[string]int32{
	"PERSISTENT": 0,
	"EPHEMERAL":  1,
	"NONE":       2,
}

Enum value maps for ReplToken_Persistence.

// ReplToken_WireFormat_name maps each ReplToken_WireFormat wire number to its
// enum name.
var ReplToken_WireFormat_name = map[int32]string{
	0: "PROTOBUF",
	1: "JSON",
}

// ReplToken_WireFormat_value is the inverse lookup, from enum name to wire
// number.
var ReplToken_WireFormat_value = map[string]int32{
	"PROTOBUF": 0,
	"JSON":     1,
}

Enum value maps for ReplToken_WireFormat.

// TokenVersion_name maps each TokenVersion wire number to its enum name.
// Number 0 is BARE_REPL_TOKEN, so a TokenVersion left at its Go zero value
// carries that name.
var TokenVersion_name = map[int32]string{
	0: "BARE_REPL_TOKEN",
	1: "TYPE_AWARE_TOKEN",
}

// TokenVersion_value is the inverse lookup, from enum name to wire number.
var TokenVersion_value = map[string]int32{
	"BARE_REPL_TOKEN":  0,
	"TYPE_AWARE_TOKEN": 1,
}

Enum value maps for TokenVersion.

// FlagClaim_name maps each FlagClaim wire number to its enum name, listed here
// in numeric order. Number 0 is MINT_GOVAL_TOKEN, so a FlagClaim left at its Go
// zero value carries that name.
var FlagClaim_name = map[int32]string{
	0: "MINT_GOVAL_TOKEN",
	1: "SIGN_INTERMEDIATE_CERT",
	2: "ANY_REPLID",
	3: "ANY_USER",
	4: "ANY_CLUSTER",
	5: "IDENTITY",
}

// FlagClaim_value is the inverse lookup, from enum name to wire number.
var FlagClaim_value = map[string]int32{
	"MINT_GOVAL_TOKEN":       0,
	"SIGN_INTERMEDIATE_CERT": 1,
	"ANY_REPLID":             2,
	"ANY_USER":               3,
	"ANY_CLUSTER":            4,
	"IDENTITY":               5,
}

Enum value maps for FlagClaim.

var File_api_client_proto protoreflect.FileDescriptor
var File_api_signing_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type AllowReplRequest

type AllowReplRequest struct {
	ReplTransfer *ReplTransfer `protobuf:"bytes,1,opt,name=replTransfer,proto3" json:"replTransfer,omitempty"`
	// contains filtered or unexported fields
}

AllowReplRequest represents a request to allow a repl into a cluster.

func (*AllowReplRequest) Descriptor deprecated

func (*AllowReplRequest) Descriptor() ([]byte, []int)

Deprecated: Use AllowReplRequest.ProtoReflect.Descriptor instead.

func (*AllowReplRequest) GetReplTransfer

func (x *AllowReplRequest) GetReplTransfer() *ReplTransfer

func (*AllowReplRequest) ProtoMessage

func (*AllowReplRequest) ProtoMessage()

func (*AllowReplRequest) ProtoReflect

func (x *AllowReplRequest) ProtoReflect() protoreflect.Message

func (*AllowReplRequest) Reset

func (x *AllowReplRequest) Reset()

func (*AllowReplRequest) String

func (x *AllowReplRequest) String() string

type CertificateClaim

// CertificateClaim is one claim carried by a cert. Claim holds one of the four
// wrapper types listed below.
//
// NOTE(review): the GetReplid/GetUser/GetCluster/GetFlag accessors return plain
// values, so their result alone cannot distinguish "this claim is of another
// kind" from an empty string or from flag number 0, which is named
// MINT_GOVAL_TOKEN. Presumably validators should switch on the concrete type
// returned by GetClaim() instead of testing accessor results — confirm against
// the generated getter bodies.
type CertificateClaim struct {

	// Types that are assignable to Claim:
	//	*CertificateClaim_Replid
	//	*CertificateClaim_User
	//	*CertificateClaim_Cluster
	//	*CertificateClaim_Flag
	Claim isCertificateClaim_Claim `protobuf_oneof:"claim"`
	// contains filtered or unexported fields
}

Claims are actions that a cert is allowed to do. Claims can be repeated (e.g. to allow a cert to apply to multiple replids or users).

Claims should be enforced on certificates by ensuring that certificates are signed by a certificate that has a superset of claims.

When a cert is used to sign a message, it is the responsibility of the service validating the message to ensure that any requests in the message are backed up by claims in the certificate. Claims in a single certificate should be interpreted as a union (e.g. if replid and user are both set, the token may apply to any repl owned by the user, or to any repl listed in replid, regardless of its owner).

func (*CertificateClaim) Descriptor deprecated

func (*CertificateClaim) Descriptor() ([]byte, []int)

Deprecated: Use CertificateClaim.ProtoReflect.Descriptor instead.

func (*CertificateClaim) GetClaim

func (m *CertificateClaim) GetClaim() isCertificateClaim_Claim

func (*CertificateClaim) GetCluster

func (x *CertificateClaim) GetCluster() string

func (*CertificateClaim) GetFlag

func (x *CertificateClaim) GetFlag() FlagClaim

func (*CertificateClaim) GetReplid

func (x *CertificateClaim) GetReplid() string

func (*CertificateClaim) GetUser

func (x *CertificateClaim) GetUser() string

func (*CertificateClaim) ProtoMessage

func (*CertificateClaim) ProtoMessage()

func (*CertificateClaim) ProtoReflect

func (x *CertificateClaim) ProtoReflect() protoreflect.Message

func (*CertificateClaim) Reset

func (x *CertificateClaim) Reset()

func (*CertificateClaim) String

func (x *CertificateClaim) String() string

type CertificateClaim_Cluster

type CertificateClaim_Cluster struct {
	// This cert has the authority to sign messages in a certain cluster
	Cluster string `protobuf:"bytes,4,opt,name=cluster,proto3,oneof"`
}

type CertificateClaim_Flag

type CertificateClaim_Flag struct {
	// This cert has the authority to perform an action as described in FlagClaim
	Flag FlagClaim `protobuf:"varint,3,opt,name=flag,proto3,enum=api.FlagClaim,oneof"`
}

type CertificateClaim_Replid

type CertificateClaim_Replid struct {
	// This cert has the authority to sign messages on behalf of a replid
	Replid string `protobuf:"bytes,1,opt,name=replid,proto3,oneof"`
}

type CertificateClaim_User

type CertificateClaim_User struct {
	// This cert has the authority to sign messages on behalf of a user
	User string `protobuf:"bytes,2,opt,name=user,proto3,oneof"`
}

type ClusterMetadata

type ClusterMetadata struct {
	Id        string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	ConmanURL string `protobuf:"bytes,2,opt,name=conmanURL,proto3" json:"conmanURL,omitempty"`
	Gurl      string `protobuf:"bytes,3,opt,name=gurl,proto3" json:"gurl,omitempty"`
	Proxy     string `protobuf:"bytes,5,opt,name=proxy,proto3" json:"proxy,omitempty"`
	// contains filtered or unexported fields
}

ClusterMetadata represents all the metadata Lore knows about a cluster. This includes all endpoints needed to communicate with the cluster.

func (*ClusterMetadata) Descriptor deprecated

func (*ClusterMetadata) Descriptor() ([]byte, []int)

Deprecated: Use ClusterMetadata.ProtoReflect.Descriptor instead.

func (*ClusterMetadata) GetConmanURL

func (x *ClusterMetadata) GetConmanURL() string

func (*ClusterMetadata) GetGurl

func (x *ClusterMetadata) GetGurl() string

func (*ClusterMetadata) GetId

func (x *ClusterMetadata) GetId() string

func (*ClusterMetadata) GetProxy

func (x *ClusterMetadata) GetProxy() string

func (*ClusterMetadata) ProtoMessage

func (*ClusterMetadata) ProtoMessage()

func (*ClusterMetadata) ProtoReflect

func (x *ClusterMetadata) ProtoReflect() protoreflect.Message

func (*ClusterMetadata) Reset

func (x *ClusterMetadata) Reset()

func (*ClusterMetadata) String

func (x *ClusterMetadata) String() string

type EvictReplRequest

// EvictReplRequest asks a cluster to evict a repl.
type EvictReplRequest struct {
	ClusterMetadata *ClusterMetadata `protobuf:"bytes,1,opt,name=clusterMetadata,proto3" json:"clusterMetadata,omitempty"`
	// Token is included in case conman needs to forward this request to
	// another instance (per this type's description).
	// NOTE(review): it is a credential held in an ordinary string field, so it
	// will presumably appear in String() and JSON renderings of this message;
	// keep those out of logs — confirm how callers log this request.
	Token           string           `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`
	// User and slug are sent so that a repl route can be added even if the cluster
	// doesn't have metadata for this repl.
	User string `protobuf:"bytes,3,opt,name=user,proto3" json:"user,omitempty"`
	Slug string `protobuf:"bytes,4,opt,name=slug,proto3" json:"slug,omitempty"`
	// contains filtered or unexported fields
}

EvictReplRequest represents a request to evict a repl from a cluster. Includes the metadata about the repl that will be evicted and a token in case conman needs to forward this request to another instance.

func (*EvictReplRequest) Descriptor deprecated

func (*EvictReplRequest) Descriptor() ([]byte, []int)

Deprecated: Use EvictReplRequest.ProtoReflect.Descriptor instead.

func (*EvictReplRequest) GetClusterMetadata

func (x *EvictReplRequest) GetClusterMetadata() *ClusterMetadata

func (*EvictReplRequest) GetSlug

func (x *EvictReplRequest) GetSlug() string

func (*EvictReplRequest) GetToken

func (x *EvictReplRequest) GetToken() string

func (*EvictReplRequest) GetUser

func (x *EvictReplRequest) GetUser() string

func (*EvictReplRequest) ProtoMessage

func (*EvictReplRequest) ProtoMessage()

func (*EvictReplRequest) ProtoReflect

func (x *EvictReplRequest) ProtoReflect() protoreflect.Message

func (*EvictReplRequest) Reset

func (x *EvictReplRequest) Reset()

func (*EvictReplRequest) String

func (x *EvictReplRequest) String() string

type EvictReplResponse

type EvictReplResponse struct {
	ReplTransfer *ReplTransfer `protobuf:"bytes,1,opt,name=replTransfer,proto3" json:"replTransfer,omitempty"`
	// contains filtered or unexported fields
}

EvictReplResponse represents a response after evicting a repl from a cluster and includes metadata about the repl that was evicted.

func (*EvictReplResponse) Descriptor deprecated

func (*EvictReplResponse) Descriptor() ([]byte, []int)

Deprecated: Use EvictReplResponse.ProtoReflect.Descriptor instead.

func (*EvictReplResponse) GetReplTransfer

func (x *EvictReplResponse) GetReplTransfer() *ReplTransfer

func (*EvictReplResponse) ProtoMessage

func (*EvictReplResponse) ProtoMessage()

func (*EvictReplResponse) ProtoReflect

func (x *EvictReplResponse) ProtoReflect() protoreflect.Message

func (*EvictReplResponse) Reset

func (x *EvictReplResponse) Reset()

func (*EvictReplResponse) String

func (x *EvictReplResponse) String() string

type FlagClaim

// FlagClaim enumerates the action and wildcard claims a cert can carry.
//
// The Go zero value of this type is FlagClaim_MINT_GOVAL_TOKEN, so a
// zero-valued FlagClaim compares equal to a real grant; code that tests for a
// flag should first establish that the claim actually is a flag claim.
type FlagClaim int32
const (
	// Cert has the authority to sign ReplToken messages that can be validated
	// by goval
	FlagClaim_MINT_GOVAL_TOKEN FlagClaim = 0
	// Cert has the authority to sign additional intermediate certs. (The claims
	// on intermediate certs signed by this cert are still enforced.)
	FlagClaim_SIGN_INTERMEDIATE_CERT FlagClaim = 1
	// Cert has the authority to sign GovalToken messages that can prove identity.
	FlagClaim_IDENTITY FlagClaim = 5
	// Cert has the authority to sign ReplToken messages for any ReplID. If this
	// claim is not set, the cert will be able to emit tokens only for the
	// list explicitly enumerated by the other claims. If that list is empty, the
	// cert has no ability to sign any tokens.
	FlagClaim_ANY_REPLID FlagClaim = 2
	// Cert has the authority to sign ReplToken messages for any user. If this
	// claim is not set, the cert will be able to emit tokens only for the
	// list explicitly enumerated by the other claims. If that list is empty, the
	// cert has no ability to sign any tokens.
	FlagClaim_ANY_USER FlagClaim = 3
	// Cert has the authority to sign ReplToken messages for any cluster. If this
	// claim is not set, the cert will be able to emit tokens only for the
	// list explicitly enumerated by the other claims. If that list is empty, the
	// cert has no ability to sign any tokens.
	FlagClaim_ANY_CLUSTER FlagClaim = 4
)

func (FlagClaim) Descriptor

func (FlagClaim) Descriptor() protoreflect.EnumDescriptor

func (FlagClaim) Enum

func (x FlagClaim) Enum() *FlagClaim

func (FlagClaim) EnumDescriptor deprecated

func (FlagClaim) EnumDescriptor() ([]byte, []int)

Deprecated: Use FlagClaim.Descriptor instead.

func (FlagClaim) Number

func (x FlagClaim) Number() protoreflect.EnumNumber

func (FlagClaim) String

func (x FlagClaim) String() string

func (FlagClaim) Type

type GovalCert

// GovalCert is the body of a signed cert in the chain of trust: a validity
// window, the claims the cert may authorize, and the public key it vouches for.
//
// Under the defaults documented on Iat and Exp, a cert that sets neither field
// is valid only until one hour after the UNIX epoch, i.e. it is already
// expired. NOTE(review): that only holds if every validator applies the
// defaults rather than treating a missing field as "no limit" — confirm in the
// validating services.
type GovalCert struct {

	// Issue timestamp. Equivalent to JWT's "iat" (Issued At) claim.  Tokens with
	// no `iat` field will be treated as if they had been issued at the UNIX epoch
	// (1970-01-01T00:00:00Z).
	Iat *timestamp.Timestamp `protobuf:"bytes,1,opt,name=iat,proto3" json:"iat,omitempty"`
	// Expiration timestamp. Equivalent to JWT's "exp" (Expiration Time) Claim.
	// If unset, will default to one hour after `iat`.
	Exp *timestamp.Timestamp `protobuf:"bytes,2,opt,name=exp,proto3" json:"exp,omitempty"`
	// A list of claims this cert can authorize
	Claims []*CertificateClaim `protobuf:"bytes,3,rep,name=claims,proto3" json:"claims,omitempty"`
	// The PASETO `v2.public` (Ed25519) public key authorized to sign requests in
	// this scope. Must be encoded in either PASERK SID or a PEM PUBLIC KEY
	// block.  (This key is usually generated in nodejs, and nodejs does not
	// provide an interface to get the raw key bytes)
	PublicKey string `protobuf:"bytes,4,opt,name=publicKey,proto3" json:"publicKey,omitempty"`
	// contains filtered or unexported fields
}

GovalCert provides a mechanism of establishing a chain of trust without requiring a single private key to be duplicated to all services that send messages. The process of generating intermediate certs is as follows:

  • A PASETO `v2.public` root keypair is generated and added to GSM with an arbitrary key id.
  • The root public key id is encoded in a GovalSigningAuthority
  • An intermediate PASETO `v2.public` keypair is generated
  • The intermediate public key is encoded in a GovalCert, along with information about the lifetime and claims of that cert.
  • The GovalCert is encoded in the body of a PASETO and signed with the root private key. The root signing authority is inserted into the footer of the PASETO to use for validation.
  • This signed PASETO is encoded in another GovalSigningAuthority and appended as the footer of PASETOs signed by the intermediate private key.

Additional intermediate certs can be generated and signed by private key and signing authority of the previous cert.

When validating a chain of certs, the footer of each wrapped PASETO is recursed until reaching a root key id. The body of that PASETO is validated with the root public key. The body is decoded into a GovalCert, its lifetime is checked, and the public key is pulled out and used to validate the next PASETO, continuing back up the chain. At each step along the chain (except for the root), the claims of a certificate must be verified to be a subset of the claims of the certificate signing it.

func (*GovalCert) Descriptor deprecated

func (*GovalCert) Descriptor() ([]byte, []int)

Deprecated: Use GovalCert.ProtoReflect.Descriptor instead.

func (*GovalCert) GetClaims

func (x *GovalCert) GetClaims() []*CertificateClaim

func (*GovalCert) GetExp

func (x *GovalCert) GetExp() *timestamp.Timestamp

func (*GovalCert) GetIat

func (x *GovalCert) GetIat() *timestamp.Timestamp

func (*GovalCert) GetPublicKey

func (x *GovalCert) GetPublicKey() string

func (*GovalCert) ProtoMessage

func (*GovalCert) ProtoMessage()

func (*GovalCert) ProtoReflect

func (x *GovalCert) ProtoReflect() protoreflect.Message

func (*GovalCert) Reset

func (x *GovalCert) Reset()

func (*GovalCert) String

func (x *GovalCert) String() string

type GovalReplIdentity

// GovalReplIdentity is the identity payload carried in identity PASETO tokens
// used for authentication between repls.
type GovalReplIdentity struct {

	// This identity has this Repl ID
	Replid string `protobuf:"bytes,1,opt,name=replid,proto3" json:"replid,omitempty"`
	// This identity is in the context of this user
	User string `protobuf:"bytes,2,opt,name=user,proto3" json:"user,omitempty"`
	// This repl has this slug
	Slug string `protobuf:"bytes,3,opt,name=slug,proto3" json:"slug,omitempty"`
	// If set, this token can only be consumed by a Repl with this Repl ID.
	// Equivalent to JWT's "aud" (Audience) claim.
	// NOTE(review): "if set" implies a token with an empty aud is not bound to
	// any consumer; presumably a receiving repl should compare aud with its
	// own Repl ID and decide explicitly whether to accept an empty one —
	// confirm in the verifier.
	Aud string `protobuf:"bytes,4,opt,name=aud,proto3" json:"aud,omitempty"`
	// If set, this identity is for an ephemeral repl (e.g. a guest fork).
	Ephemeral bool `protobuf:"varint,5,opt,name=ephemeral,proto3" json:"ephemeral,omitempty"`
	// This identity is forked from this Repl ID.
	// This is set for "guest forks", where server(s) might need to know the
	// original repl's ID despite the running environment being a fork.
	OriginReplid string `protobuf:"bytes,6,opt,name=originReplid,proto3" json:"originReplid,omitempty"`
	// contains filtered or unexported fields
}

A GovalReplIdentity is used in identity PASETO tokens which are used for authentication between repls.

func (*GovalReplIdentity) Descriptor deprecated

func (*GovalReplIdentity) Descriptor() ([]byte, []int)

Deprecated: Use GovalReplIdentity.ProtoReflect.Descriptor instead.

func (*GovalReplIdentity) GetAud

func (x *GovalReplIdentity) GetAud() string

func (*GovalReplIdentity) GetEphemeral added in v0.0.4

func (x *GovalReplIdentity) GetEphemeral() bool

func (*GovalReplIdentity) GetOriginReplid added in v0.0.5

func (x *GovalReplIdentity) GetOriginReplid() string

func (*GovalReplIdentity) GetReplid

func (x *GovalReplIdentity) GetReplid() string

func (*GovalReplIdentity) GetSlug

func (x *GovalReplIdentity) GetSlug() string

func (*GovalReplIdentity) GetUser

func (x *GovalReplIdentity) GetUser() string

func (*GovalReplIdentity) ProtoMessage

func (*GovalReplIdentity) ProtoMessage()

func (*GovalReplIdentity) ProtoReflect

func (x *GovalReplIdentity) ProtoReflect() protoreflect.Message

func (*GovalReplIdentity) Reset

func (x *GovalReplIdentity) Reset()

func (*GovalReplIdentity) String

func (x *GovalReplIdentity) String() string

type GovalSigningAuthority

// GovalSigningAuthority is the PASETO footer that tells a validator which root
// key id or signed cert a token should be checked against.
//
// NOTE(review): a validator has to read this footer to select the key before
// any signature has been checked, so every field here should be handled as
// untrusted input until the whole chain has verified — confirm that the
// validating services do not act on Issuer or Version before that point.
type GovalSigningAuthority struct {

	// Types that are assignable to Cert:
	//	*GovalSigningAuthority_KeyId
	//	*GovalSigningAuthority_SignedCert
	Cert isGovalSigningAuthority_Cert `protobuf_oneof:"cert"`
	// An enum detailing how the body of the PASETO this is a footer of should
	// be decoded
	// The zero value is BARE_REPL_TOKEN (see TokenVersion_name), which is
	// presumably what a footer that omits this field reads as — confirm.
	Version TokenVersion `protobuf:"varint,3,opt,name=version,proto3,enum=api.TokenVersion" json:"version,omitempty"`
	// A string containing the issuer of a token. This is used to track who is
	// sending tokens with a particular key id, so that we can rotate safely.
	Issuer string `protobuf:"bytes,4,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// contains filtered or unexported fields
}

GovalSigningAuthority is information about a goval token, that can be used to validate it. It is stored in the footer of the PASETO.

func (*GovalSigningAuthority) Descriptor deprecated

func (*GovalSigningAuthority) Descriptor() ([]byte, []int)

Deprecated: Use GovalSigningAuthority.ProtoReflect.Descriptor instead.

func (*GovalSigningAuthority) GetCert

func (m *GovalSigningAuthority) GetCert() isGovalSigningAuthority_Cert

func (*GovalSigningAuthority) GetIssuer

func (x *GovalSigningAuthority) GetIssuer() string

func (*GovalSigningAuthority) GetKeyId

func (x *GovalSigningAuthority) GetKeyId() string

func (*GovalSigningAuthority) GetSignedCert

func (x *GovalSigningAuthority) GetSignedCert() string

func (*GovalSigningAuthority) GetVersion

func (x *GovalSigningAuthority) GetVersion() TokenVersion

func (*GovalSigningAuthority) ProtoMessage

func (*GovalSigningAuthority) ProtoMessage()

func (*GovalSigningAuthority) ProtoReflect

func (x *GovalSigningAuthority) ProtoReflect() protoreflect.Message

func (*GovalSigningAuthority) Reset

func (x *GovalSigningAuthority) Reset()

func (*GovalSigningAuthority) String

func (x *GovalSigningAuthority) String() string

type GovalSigningAuthority_KeyId

type GovalSigningAuthority_KeyId struct {
	// The ID of the root public key that was used to sign the token.
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3,oneof"`
}

type GovalSigningAuthority_SignedCert

// GovalSigningAuthority_SignedCert is the oneof wrapper selecting a signed
// intermediate cert (rather than a root key id) as the signing authority.
//
// NOTE(review): the wrapped PASETO's own footer is another
// GovalSigningAuthority, which may again hold a SignedCert. Nothing in this
// type bounds how deep that nesting goes; presumably validators cap the chain
// length and the token size before recursing — confirm.
type GovalSigningAuthority_SignedCert struct {
	// A signed PASETO with a GovalCert in the body and the GovalSigningAuthority
	// used to sign the body in the footer.
	SignedCert string `protobuf:"bytes,2,opt,name=signed_cert,json=signedCert,proto3,oneof"`
}

type GovalToken

// GovalToken is the common PASETO body: validity window, the single repl the
// token acts for, and one concrete token payload.
type GovalToken struct {

	// Issue timestamp. Equivalent to JWT's "iat" (Issued At) claim.  Tokens with
	// no `iat` field will be treated as if they had been issued at the UNIX epoch
	// (1970-01-01T00:00:00Z).
	Iat *timestamp.Timestamp `protobuf:"bytes,1,opt,name=iat,proto3" json:"iat,omitempty"`
	// Expiration timestamp. Equivalent to JWT's "exp" (Expiration Time) Claim.
	// If unset, will default to one hour after `iat`.
	Exp *timestamp.Timestamp `protobuf:"bytes,2,opt,name=exp,proto3" json:"exp,omitempty"`
	// Tokens are only allowed to act for a single repl, replid is the repl that
	// this token is authorized for. The validator must check that the replid of
	// this token agrees with the claims in any of the certs signing it.
	Replid string `protobuf:"bytes,3,opt,name=replid,proto3" json:"replid,omitempty"`
	// The token body, all future tokens should rely on the information in
	// GovalToken to establish basic validity, and should only add additional
	// fields. ReplToken has its own iat, exp, and replid for legacy reasons.
	// NOTE(review): with a ReplToken payload the validity window and repl id
	// can therefore be stated twice; presumably validators check that the two
	// copies agree, or treat the GovalToken values as authoritative — confirm.
	//
	// Types that are assignable to Token:
	//	*GovalToken_ReplToken
	//	*GovalToken_ReplIdentity
	Token isGovalToken_Token `protobuf_oneof:"Token"`
	// contains filtered or unexported fields
}

A GovalToken should be the body of any PASETO we send

func (*GovalToken) Descriptor deprecated

func (*GovalToken) Descriptor() ([]byte, []int)

Deprecated: Use GovalToken.ProtoReflect.Descriptor instead.

func (*GovalToken) GetExp

func (x *GovalToken) GetExp() *timestamp.Timestamp

func (*GovalToken) GetIat

func (x *GovalToken) GetIat() *timestamp.Timestamp

func (*GovalToken) GetReplIdentity

func (x *GovalToken) GetReplIdentity() *GovalReplIdentity

func (*GovalToken) GetReplToken

func (x *GovalToken) GetReplToken() *ReplToken

func (*GovalToken) GetReplid

func (x *GovalToken) GetReplid() string

func (*GovalToken) GetToken

func (m *GovalToken) GetToken() isGovalToken_Token

func (*GovalToken) ProtoMessage

func (*GovalToken) ProtoMessage()

func (*GovalToken) ProtoReflect

func (x *GovalToken) ProtoReflect() protoreflect.Message

func (*GovalToken) Reset

func (x *GovalToken) Reset()

func (*GovalToken) String

func (x *GovalToken) String() string

type GovalToken_ReplIdentity

type GovalToken_ReplIdentity struct {
	// This token is used to prove a Repl's identity.
	ReplIdentity *GovalReplIdentity `protobuf:"bytes,5,opt,name=repl_identity,json=replIdentity,proto3,oneof"`
}

type GovalToken_ReplToken

type GovalToken_ReplToken struct {
	// This token is used to authorize a request to create a repl in goval
	ReplToken *ReplToken `protobuf:"bytes,4,opt,name=repl_token,json=replToken,proto3,oneof"`
}

type Permissions

type Permissions struct {

	// This token has permission to toggle the always on state of a container.
	// For a connection to send the AlwaysOn message, it must have this permission.
	ToggleAlwaysOn bool `protobuf:"varint,1,opt,name=toggleAlwaysOn,proto3" json:"toggleAlwaysOn,omitempty"`
	// contains filtered or unexported fields
}

Permissions allow tokens to perform certain actions.

func (*Permissions) Descriptor deprecated

func (*Permissions) Descriptor() ([]byte, []int)

Deprecated: Use Permissions.ProtoReflect.Descriptor instead.

func (*Permissions) GetToggleAlwaysOn

func (x *Permissions) GetToggleAlwaysOn() bool

func (*Permissions) ProtoMessage

func (*Permissions) ProtoMessage()

func (*Permissions) ProtoReflect

func (x *Permissions) ProtoReflect() protoreflect.Message

func (*Permissions) Reset

func (x *Permissions) Reset()

func (*Permissions) String

func (x *Permissions) String() string

type Repl

// Repl is the repl metadata identifying the repl a connection is for. All
// fields are required unless marked optional.
type Repl struct {
	Id       string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	Language string `protobuf:"bytes,2,opt,name=language,proto3" json:"language,omitempty"`
	Bucket   string `protobuf:"bytes,3,opt,name=bucket,proto3" json:"bucket,omitempty"`
	Slug     string `protobuf:"bytes,4,opt,name=slug,proto3" json:"slug,omitempty"`
	User     string `protobuf:"bytes,5,opt,name=user,proto3" json:"user,omitempty"`
	// (Optional) The replID of a repl to be used as the source filesystem. All
	// writes will still go to the actual repl. This is intended to be a
	// replacement for guest repls, giving us cheap COW semantics so all
	// connections can have a real repl.
	//
	// One exception:
	//
	// It's important to note that data is not implicitly copied from src to
	// dest. Only what is explicitly written when talking to pid1 (either
	// gcsfiles or snapshots) will persist. This makes it slightly different
	// than just forking.
	//
	// It's unclear what the behaviour should be if:
	// - the dest and src repl both exist
	// - the dest and src are the same
	// - we have an src but no dest
	// consider these unsupported/undefined for now.
	//
	// NOTE(review): nothing in this message shows who checks that the token's
	// user is allowed to read the source repl; presumably the token issuer
	// does so before signing — confirm.
	SourceRepl string `protobuf:"bytes,6,opt,name=sourceRepl,proto3" json:"sourceRepl,omitempty"`
	// contains filtered or unexported fields
}

This message constitutes the repl metadata and defines the repl we're connecting to. All fields are required unless otherwise stated.

func (*Repl) Descriptor deprecated

func (*Repl) Descriptor() ([]byte, []int)

Deprecated: Use Repl.ProtoReflect.Descriptor instead.

func (*Repl) GetBucket

func (x *Repl) GetBucket() string

func (*Repl) GetId

func (x *Repl) GetId() string

func (*Repl) GetLanguage

func (x *Repl) GetLanguage() string

func (*Repl) GetSlug

func (x *Repl) GetSlug() string

func (*Repl) GetSourceRepl

func (x *Repl) GetSourceRepl() string

func (*Repl) GetUser

func (x *Repl) GetUser() string

func (*Repl) ProtoMessage

func (*Repl) ProtoMessage()

func (*Repl) ProtoReflect

func (x *Repl) ProtoReflect() protoreflect.Message

func (*Repl) Reset

func (x *Repl) Reset()

func (*Repl) String

func (x *Repl) String() string

type ReplToken

// ReplToken holds the client options expected during the handshake; it is
// encoded into the token used to connect over WebSocket.
type ReplToken struct {

	// Issue timestamp. Equivalent to JWT's "iat" (Issued At) claim.  Tokens with
	// no `iat` field will be treated as if they had been issued at the UNIX epoch
	// (1970-01-01T00:00:00Z).
	Iat *timestamp.Timestamp `protobuf:"bytes,1,opt,name=iat,proto3" json:"iat,omitempty"`
	// Expiration timestamp. Equivalent to JWT's "exp" (Expiration Time) Claim.
	// If unset, will default to one hour after `iat`.
	Exp *timestamp.Timestamp `protobuf:"bytes,2,opt,name=exp,proto3" json:"exp,omitempty"`
	// An arbitrary string that helps prevent replay attacks by ensuring that all
	// tokens are distinct.
	// NOTE(review): distinct tokens alone do not stop the same token from being
	// presented twice; presumably replay is bounded by exp and the cluster
	// check unless the validator also tracks salts it has seen — confirm.
	Salt string `protobuf:"bytes,3,opt,name=salt,proto3" json:"salt,omitempty"`
	// The cluster that a repl is located in. This prevents replay attacks in
	// which a user is given a token for one cluster and then presents that same
	// token to a conman instance in another cluster, which could lead to a case
	// where multiple containers are associated with a repl.
	//
	// Conman therefore needs to validate that this parameter matches the
	// `-cluster` flag it was started with.
	Cluster string `protobuf:"bytes,4,opt,name=cluster,proto3" json:"cluster,omitempty"`
	// Whether to persist filesystem, metadata, or both.  When connecting to an
	// already running/existing repl, its settings will be updated to match this
	// mode.
	Persistence ReplToken_Persistence `protobuf:"varint,6,opt,name=persistence,proto3,enum=api.ReplToken_Persistence" json:"persistence,omitempty"`
	// One of the three ways to identify a repl in goval.
	//
	// Types that are assignable to Metadata:
	//	*ReplToken_Repl
	//	*ReplToken_Id
	//	*ReplToken_Classroom
	Metadata isReplToken_Metadata `protobuf_oneof:"metadata"`
	// The resource limits for the container.
	ResourceLimits *ResourceLimits      `protobuf:"bytes,10,opt,name=resourceLimits,proto3" json:"resourceLimits,omitempty"`
	Format         ReplToken_WireFormat `protobuf:"varint,12,opt,name=format,proto3,enum=api.ReplToken_WireFormat" json:"format,omitempty"`
	Presenced      *ReplToken_Presenced `protobuf:"bytes,13,opt,name=presenced,proto3" json:"presenced,omitempty"`
	// Flags are handy for passing arbitrary configs along. Mostly used so
	// the client can try out new features
	// NOTE(review): these are free-form strings; presumably they only toggle
	// features and never widen what the token authorizes (that is what
	// Permissions and the cert claims are for) — confirm where flags are read.
	Flags       []string     `protobuf:"bytes,14,rep,name=flags,proto3" json:"flags,omitempty"`
	Permissions *Permissions `protobuf:"bytes,15,opt,name=permissions,proto3" json:"permissions,omitempty"`
	// contains filtered or unexported fields
}

ReplToken is the expected client options during the handshake. This is encoded into the token that is used to connect using WebSocket.

func (*ReplToken) Descriptor deprecated

func (*ReplToken) Descriptor() ([]byte, []int)

Deprecated: Use ReplToken.ProtoReflect.Descriptor instead.

func (*ReplToken) GetClassroom deprecated

func (x *ReplToken) GetClassroom() *ReplToken_ClassroomMetadata

Deprecated: Do not use.

func (*ReplToken) GetCluster

func (x *ReplToken) GetCluster() string

func (*ReplToken) GetExp

func (x *ReplToken) GetExp() *timestamp.Timestamp

func (*ReplToken) GetFlags

func (x *ReplToken) GetFlags() []string

func (*ReplToken) GetFormat

func (x *ReplToken) GetFormat() ReplToken_WireFormat

func (*ReplToken) GetIat

func (x *ReplToken) GetIat() *timestamp.Timestamp

func (*ReplToken) GetId

func (x *ReplToken) GetId() *ReplToken_ReplID

func (*ReplToken) GetMetadata

func (m *ReplToken) GetMetadata() isReplToken_Metadata

func (*ReplToken) GetPermissions

func (x *ReplToken) GetPermissions() *Permissions

func (*ReplToken) GetPersistence

func (x *ReplToken) GetPersistence() ReplToken_Persistence

func (*ReplToken) GetPresenced

func (x *ReplToken) GetPresenced() *ReplToken_Presenced

func (*ReplToken) GetRepl

func (x *ReplToken) GetRepl() *Repl

func (*ReplToken) GetResourceLimits

func (x *ReplToken) GetResourceLimits() *ResourceLimits

func (*ReplToken) GetSalt

func (x *ReplToken) GetSalt() string

func (*ReplToken) ProtoMessage

func (*ReplToken) ProtoMessage()

func (*ReplToken) ProtoReflect

func (x *ReplToken) ProtoReflect() protoreflect.Message

func (*ReplToken) Reset

func (x *ReplToken) Reset()

func (*ReplToken) String

func (x *ReplToken) String() string

type ReplToken_Classroom

type ReplToken_Classroom struct {
	// This is DEPRECATED and only used by the classroom. This will never share
	// a container between connections. Please don't use this even for tests,
	// we intend to remove it soon.
	//
	// Deprecated: Do not use.
	Classroom *ReplToken_ClassroomMetadata `protobuf:"bytes,9,opt,name=classroom,proto3,oneof"`
}

type ReplToken_ClassroomMetadata

type ReplToken_ClassroomMetadata struct {
	Id       string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	Language string `protobuf:"bytes,2,opt,name=language,proto3" json:"language,omitempty"`
	// contains filtered or unexported fields
}

Metadata for the classroom. This is deprecated and should be removed hopefully soon.

func (*ReplToken_ClassroomMetadata) Descriptor deprecated

func (*ReplToken_ClassroomMetadata) Descriptor() ([]byte, []int)

Deprecated: Use ReplToken_ClassroomMetadata.ProtoReflect.Descriptor instead.

func (*ReplToken_ClassroomMetadata) GetId

func (*ReplToken_ClassroomMetadata) GetLanguage

func (x *ReplToken_ClassroomMetadata) GetLanguage() string

func (*ReplToken_ClassroomMetadata) ProtoMessage

func (*ReplToken_ClassroomMetadata) ProtoMessage()

func (*ReplToken_ClassroomMetadata) ProtoReflect

func (*ReplToken_ClassroomMetadata) Reset

func (x *ReplToken_ClassroomMetadata) Reset()

func (*ReplToken_ClassroomMetadata) String

func (x *ReplToken_ClassroomMetadata) String() string

type ReplToken_Id

type ReplToken_Id struct {
	// The repl must already be known to goval, the connection will proceed
	// with the Repl metadata from a previous connection's metadata with the
	// same ID.
	Id *ReplToken_ReplID `protobuf:"bytes,8,opt,name=id,proto3,oneof"`
}

type ReplToken_Persistence

type ReplToken_Persistence int32

Whether to persist filesystem, metadata, or both.

const (
	// This is the usual mode of operation: both filesystem and metadata will be
	// persisted.
	ReplToken_PERSISTENT ReplToken_Persistence = 0
	// The ephemeral flag indicates the repl being connected to will have a time
	// restriction on stored metadata.  This has the consequence that repl will
	// be unable to wakeup or serve static traffic once the metadata has timed
	// out. This option does NOT affect filesystem and other data persistence.
	//
	// For context, this value is used on the client when repls are created for:
	// - replrun
	// - guests
	// - anon users
	// - temp vnc repls
	// - users with non-verified emails
	ReplToken_EPHEMERAL ReplToken_Persistence = 1
	// This indicates that the repl being connected does not have the ability to
	// persist files or be woken up after the lifetime of this repl expires.
	//
	// For context, this value is used on the client when repls are created for:
	// - replrun
	// - guests
	// - language pages
	ReplToken_NONE ReplToken_Persistence = 2
)

func (ReplToken_Persistence) Descriptor

func (ReplToken_Persistence) Enum

func (ReplToken_Persistence) EnumDescriptor deprecated

func (ReplToken_Persistence) EnumDescriptor() ([]byte, []int)

Deprecated: Use ReplToken_Persistence.Descriptor instead.

func (ReplToken_Persistence) Number

func (ReplToken_Persistence) String

func (x ReplToken_Persistence) String() string

func (ReplToken_Persistence) Type

type ReplToken_Presenced

// ReplToken_Presenced carries a numeric ID and a name which, judging by the
// field names, describe the bearer of the token.
//
// NOTE(review): what consumes these values is not shown here. Both arrive
// inside the token, so they are only as trustworthy as the token itself;
// treat BearerName as display text and do not use it for access decisions —
// TODO confirm against the consumer.
type ReplToken_Presenced struct {
	BearerID   uint32 `protobuf:"varint,1,opt,name=bearerID,proto3" json:"bearerID,omitempty"`
	BearerName string `protobuf:"bytes,2,opt,name=bearerName,proto3" json:"bearerName,omitempty"`
	// contains filtered or unexported fields
}

func (*ReplToken_Presenced) Descriptor deprecated

func (*ReplToken_Presenced) Descriptor() ([]byte, []int)

Deprecated: Use ReplToken_Presenced.ProtoReflect.Descriptor instead.

func (*ReplToken_Presenced) GetBearerID

func (x *ReplToken_Presenced) GetBearerID() uint32

func (*ReplToken_Presenced) GetBearerName

func (x *ReplToken_Presenced) GetBearerName() string

func (*ReplToken_Presenced) ProtoMessage

func (*ReplToken_Presenced) ProtoMessage()

func (*ReplToken_Presenced) ProtoReflect

func (x *ReplToken_Presenced) ProtoReflect() protoreflect.Message

func (*ReplToken_Presenced) Reset

func (x *ReplToken_Presenced) Reset()

func (*ReplToken_Presenced) String

func (x *ReplToken_Presenced) String() string

type ReplToken_Repl

// ReplToken_Repl wraps a full Repl message as a oneof member (field 7): the
// token carries the repl's metadata rather than only its ID.
type ReplToken_Repl struct {
	// This is the standard connection behavior. If the repl doesn't exist it
	// will be created. Any future connections with a matching ID will go to
	// the same container. If other metadata mismatches besides ID it will be
	// rectified (typically by recreating the container to make it match the
	// provided value).
	//
	// NOTE(review): because the provided value wins on a mismatch, the Repl
	// carried here effectively decides the container's configuration; it
	// should presumably be honoured only after the enclosing token has been
	// verified — confirm with the code that validates tokens.
	Repl *Repl `protobuf:"bytes,7,opt,name=repl,proto3,oneof"`
}

type ReplToken_ReplID

// ReplToken_ReplID identifies a repl by ID alone, with an optional source
// repl.
type ReplToken_ReplID struct {
	// The ID of the repl.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// (Optional) See the comment for Repl.sourceRepl.
	SourceRepl string `protobuf:"bytes,2,opt,name=sourceRepl,proto3" json:"sourceRepl,omitempty"`
	// contains filtered or unexported fields
}

Metadata for a repl that is only identified by its id.

func (*ReplToken_ReplID) Descriptor deprecated

func (*ReplToken_ReplID) Descriptor() ([]byte, []int)

Deprecated: Use ReplToken_ReplID.ProtoReflect.Descriptor instead.

func (*ReplToken_ReplID) GetId

func (x *ReplToken_ReplID) GetId() string

func (*ReplToken_ReplID) GetSourceRepl

func (x *ReplToken_ReplID) GetSourceRepl() string

func (*ReplToken_ReplID) ProtoMessage

func (*ReplToken_ReplID) ProtoMessage()

func (*ReplToken_ReplID) ProtoReflect

func (x *ReplToken_ReplID) ProtoReflect() protoreflect.Message

func (*ReplToken_ReplID) Reset

func (x *ReplToken_ReplID) Reset()

func (*ReplToken_ReplID) String

func (x *ReplToken_ReplID) String() string

type ReplToken_WireFormat

type ReplToken_WireFormat int32

Allows the client to choose a wire format.

// Values of ReplToken_WireFormat.
const (
	// The default wire format: Protobuf-over-WebSocket. Its value is 0, which
	// is also what an unset proto3 enum field reads as.
	ReplToken_PROTOBUF ReplToken_WireFormat = 0
	// Legacy protocol.
	//
	// Deprecated: Do not use.
	ReplToken_JSON ReplToken_WireFormat = 1
)

func (ReplToken_WireFormat) Descriptor

func (ReplToken_WireFormat) Enum

func (ReplToken_WireFormat) EnumDescriptor deprecated

func (ReplToken_WireFormat) EnumDescriptor() ([]byte, []int)

Deprecated: Use ReplToken_WireFormat.Descriptor instead.

func (ReplToken_WireFormat) Number

func (ReplToken_WireFormat) String

func (x ReplToken_WireFormat) String() string

func (ReplToken_WireFormat) Type

type ReplTransfer

// ReplTransfer bundles a repl with two sets of resource limits, its custom
// domains, its TLS certificates and a list of flags.
//
// ReplLimits and UserLimits are both ResourceLimits values; judging by the
// names they hold the per-repl and per-user limits — TODO confirm. The
// meaning of the Flags strings is not visible here.
//
// NOTE(review): the message carries certificates together with the limits
// the receiving side will presumably apply, so it should only be accepted
// from an authenticated peer and kept out of logs — confirm how the transfer
// endpoint authenticates its caller.
type ReplTransfer struct {
	Repl          *Repl             `protobuf:"bytes,1,opt,name=repl,proto3" json:"repl,omitempty"`
	ReplLimits    *ResourceLimits   `protobuf:"bytes,2,opt,name=replLimits,proto3" json:"replLimits,omitempty"`
	UserLimits    *ResourceLimits   `protobuf:"bytes,3,opt,name=userLimits,proto3" json:"userLimits,omitempty"`
	CustomDomains []string          `protobuf:"bytes,4,rep,name=customDomains,proto3" json:"customDomains,omitempty"`
	Certificates  []*TLSCertificate `protobuf:"bytes,5,rep,name=certificates,proto3" json:"certificates,omitempty"`
	Flags         []string          `protobuf:"bytes,6,rep,name=flags,proto3" json:"flags,omitempty"`
	// contains filtered or unexported fields
}

ReplTransfer includes all the data needed to transfer a repl between clusters.

func (*ReplTransfer) Descriptor deprecated

func (*ReplTransfer) Descriptor() ([]byte, []int)

Deprecated: Use ReplTransfer.ProtoReflect.Descriptor instead.

func (*ReplTransfer) GetCertificates

func (x *ReplTransfer) GetCertificates() []*TLSCertificate

func (*ReplTransfer) GetCustomDomains

func (x *ReplTransfer) GetCustomDomains() []string

func (*ReplTransfer) GetFlags

func (x *ReplTransfer) GetFlags() []string

func (*ReplTransfer) GetRepl

func (x *ReplTransfer) GetRepl() *Repl

func (*ReplTransfer) GetReplLimits

func (x *ReplTransfer) GetReplLimits() *ResourceLimits

func (*ReplTransfer) GetUserLimits

func (x *ReplTransfer) GetUserLimits() *ResourceLimits

func (*ReplTransfer) ProtoMessage

func (*ReplTransfer) ProtoMessage()

func (*ReplTransfer) ProtoReflect

func (x *ReplTransfer) ProtoReflect() protoreflect.Message

func (*ReplTransfer) Reset

func (x *ReplTransfer) Reset()

func (*ReplTransfer) String

func (x *ReplTransfer) String() string

type ResourceLimits

// ResourceLimits describes network access, memory, CPU, disk and caching
// limits for a container.
//
// Cache is a ResourceLimits_Cachability value: whether these limits may be
// cached and, if so, whether per user or per repl.
//
// All fields are proto3 scalars, so an unset field reads as its zero value.
// NOTE(review): how a consumer interprets a zero Memory, Threads, Shares or
// Disk (no limit vs. no allowance) is not visible here — confirm.
type ResourceLimits struct {

	// Whether the repl has network access. An unset field reads as false.
	Net bool `protobuf:"varint,1,opt,name=net,proto3" json:"net,omitempty"`
	// The amount of RAM in bytes that this repl will have.
	Memory int64 `protobuf:"varint,2,opt,name=memory,proto3" json:"memory,omitempty"`
	// The number of cores that the container will be allowed to have.
	Threads float64 `protobuf:"fixed64,3,opt,name=threads,proto3" json:"threads,omitempty"`
	// The Docker container weight factor for the scheduler. Similar to the
	// `--cpu-shares` commandline flag.
	Shares float64 `protobuf:"fixed64,4,opt,name=shares,proto3" json:"shares,omitempty"`
	// The size of the disk in bytes.
	Disk  int64                      `protobuf:"varint,5,opt,name=disk,proto3" json:"disk,omitempty"`
	Cache ResourceLimits_Cachability `protobuf:"varint,6,opt,name=cache,proto3,enum=api.ResourceLimits_Cachability" json:"cache,omitempty"`
	// If set, apply a restrictive allowlist-based network policy to the
	// container. The container will only be able to communicate with the
	// minimum domains necessary to make Replit work, such as package managers.
	//
	// NOTE(review): an unset field reads as false, i.e. no allowlist policy.
	// Callers that want the restricted policy must set this explicitly;
	// confirm how it combines with Net when Net is false.
	RestrictNetwork bool `protobuf:"varint,7,opt,name=restrictNetwork,proto3" json:"restrictNetwork,omitempty"`
	// contains filtered or unexported fields
}

The resource limits that should be applied to the Repl's container.

func (*ResourceLimits) Descriptor deprecated

func (*ResourceLimits) Descriptor() ([]byte, []int)

Deprecated: Use ResourceLimits.ProtoReflect.Descriptor instead.

func (*ResourceLimits) GetCache

func (*ResourceLimits) GetDisk

func (x *ResourceLimits) GetDisk() int64

func (*ResourceLimits) GetMemory

func (x *ResourceLimits) GetMemory() int64

func (*ResourceLimits) GetNet

func (x *ResourceLimits) GetNet() bool

func (*ResourceLimits) GetRestrictNetwork

func (x *ResourceLimits) GetRestrictNetwork() bool

func (*ResourceLimits) GetShares

func (x *ResourceLimits) GetShares() float64

func (*ResourceLimits) GetThreads

func (x *ResourceLimits) GetThreads() float64

func (*ResourceLimits) ProtoMessage

func (*ResourceLimits) ProtoMessage()

func (*ResourceLimits) ProtoReflect

func (x *ResourceLimits) ProtoReflect() protoreflect.Message

func (*ResourceLimits) Reset

func (x *ResourceLimits) Reset()

func (*ResourceLimits) String

func (x *ResourceLimits) String() string

type ResourceLimits_Cachability

type ResourceLimits_Cachability int32

Whether these limits are cachable, and if they are, by what facet of the token.

// Values of ResourceLimits_Cachability.
const (
	// Do not cache these limits. Its value is 0, which is also what an unset
	// proto3 enum field reads as.
	ResourceLimits_NONE ResourceLimits_Cachability = 0
	// These limits can be cached and applied to this and any of the user's
	// other repls.
	//
	// NOTE(review): with this value, limits issued for one repl are reused
	// for the user's other repls, so the cache key presumably has to come
	// from a verified user identity in the token — confirm.
	ResourceLimits_USER ResourceLimits_Cachability = 1
	// These limits can be cached and applied only to this repl.
	ResourceLimits_REPL ResourceLimits_Cachability = 2
)

func (ResourceLimits_Cachability) Descriptor

func (ResourceLimits_Cachability) Enum

func (ResourceLimits_Cachability) EnumDescriptor deprecated

func (ResourceLimits_Cachability) EnumDescriptor() ([]byte, []int)

Deprecated: Use ResourceLimits_Cachability.Descriptor instead.

func (ResourceLimits_Cachability) Number

func (ResourceLimits_Cachability) String

func (ResourceLimits_Cachability) Type

type TLSCertificate

// TLSCertificate pairs a domain name with certificate bytes.
//
// NOTE(review): the encoding of Cert (PEM or DER) and whether it carries
// private-key material alongside the certificate are not visible here. If it
// does, keep this message out of logs (the generated String method renders
// the message's fields) and restrict who can read it in transit and at
// rest — TODO confirm.
type TLSCertificate struct {
	Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"`
	Cert   []byte `protobuf:"bytes,2,opt,name=cert,proto3" json:"cert,omitempty"`
	// contains filtered or unexported fields
}

TLSCertificate is an SSL/TLS certificate for a specific domain. It is used to transfer certificates between clusters when a repl is transferred, so that we do not need to request a new certificate in the new cluster.

func (*TLSCertificate) Descriptor deprecated

func (*TLSCertificate) Descriptor() ([]byte, []int)

Deprecated: Use TLSCertificate.ProtoReflect.Descriptor instead.

func (*TLSCertificate) GetCert

func (x *TLSCertificate) GetCert() []byte

func (*TLSCertificate) GetDomain

func (x *TLSCertificate) GetDomain() string

func (*TLSCertificate) ProtoMessage

func (*TLSCertificate) ProtoMessage()

func (*TLSCertificate) ProtoReflect

func (x *TLSCertificate) ProtoReflect() protoreflect.Message

func (*TLSCertificate) Reset

func (x *TLSCertificate) Reset()

func (*TLSCertificate) String

func (x *TLSCertificate) String() string

type TokenVersion

type TokenVersion int32
// Values of TokenVersion, which says what kind of message the token body
// holds.
const (
	// Body contains a bare ReplToken and must be decoded explicitly.
	//
	// NOTE(review): 0 is also the value an unset proto3 enum field reads as,
	// so a token that omits the version is indistinguishable from one that
	// declares a bare ReplToken — confirm the consumer intends to accept
	// that.
	TokenVersion_BARE_REPL_TOKEN TokenVersion = 0
	// Body contains a GovalToken, which can be interrogated about the type of
	// its own message.
	TokenVersion_TYPE_AWARE_TOKEN TokenVersion = 1
)

func (TokenVersion) Descriptor

func (TokenVersion) Enum

func (x TokenVersion) Enum() *TokenVersion

func (TokenVersion) EnumDescriptor deprecated

func (TokenVersion) EnumDescriptor() ([]byte, []int)

Deprecated: Use TokenVersion.Descriptor instead.

func (TokenVersion) Number

func (TokenVersion) String

func (x TokenVersion) String() string

func (TokenVersion) Type
