Documentation

Overview

    Package access contains Access service protocol.

    Index

    Constants

    This section is empty.

    Variables

    View Source
    var File_go_chromium_org_luci_common_proto_access_access_proto protoreflect.FileDescriptor

    Functions

    func FileDescriptorSet

    func FileDescriptorSet() *descriptorpb.FileDescriptorSet

      FileDescriptorSet returns a descriptor set for this proto package, which includes all defined services, and all transitive dependencies.

      Will not return nil.

      Do NOT modify the returned descriptor.

      func RegisterAccessServer

      func RegisterAccessServer(s prpc.Registrar, srv AccessServer)

      Types

      type AccessClient

      type AccessClient interface {
      	// PermittedActions returns a list of actions the requester can perform
      	// on a given resource.
      	PermittedActions(ctx context.Context, in *PermittedActionsRequest, opts ...grpc.CallOption) (*PermittedActionsResponse, error)
      	// Description returns types of resources and actions that this service
      	// supports.
      	// It is intended to be used as self-documentation, for humans that play
      	// with the API.
      	// If the concepts returned by this RPC are internal, it should be restricted.
      	Description(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*DescriptionResponse, error)
      }

        AccessClient is the client API for Access service.

        For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

        func NewAccessClient

        func NewAccessClient(cc grpc.ClientConnInterface) AccessClient

        func NewAccessPRPCClient

        func NewAccessPRPCClient(client *prpc.Client) AccessClient

        type AccessServer

        type AccessServer interface {
        	// PermittedActions returns a list of actions the requester can perform
        	// on a given resource.
        	PermittedActions(context.Context, *PermittedActionsRequest) (*PermittedActionsResponse, error)
        	// Description returns types of resources and actions that this service
        	// supports.
        	// It is intended to be used as self-documentation, for humans that play
        	// with the API.
        	// If the concepts returned by this RPC are internal, it should be restricted.
        	Description(context.Context, *emptypb.Empty) (*DescriptionResponse, error)
        }

          AccessServer is the server API for Access service.

          type DescriptionResponse

          type DescriptionResponse struct {
          
          	// Resources is a list of resource types presented on the given service.
          	Resources []*DescriptionResponse_ResourceDescription `protobuf:"bytes,1,rep,name=resources,proto3" json:"resources,omitempty"`
          	// contains filtered or unexported fields
          }

            DescriptionResponse is the response message from Access.Description.

            func (*DescriptionResponse) Descriptor

            func (*DescriptionResponse) Descriptor() ([]byte, []int)

              Deprecated: Use DescriptionResponse.ProtoReflect.Descriptor instead.

              func (*DescriptionResponse) GetResources

              func (*DescriptionResponse) ProtoMessage

              func (*DescriptionResponse) ProtoMessage()

              func (*DescriptionResponse) ProtoReflect

              func (x *DescriptionResponse) ProtoReflect() protoreflect.Message

              func (*DescriptionResponse) Reset

              func (x *DescriptionResponse) Reset()

              func (*DescriptionResponse) String

              func (x *DescriptionResponse) String() string

              type DescriptionResponse_ResourceDescription

              type DescriptionResponse_ResourceDescription struct {
              
              	// Kind identifies the resource type presented on the service.
              	// Access.PermittedActions accepts one of resource kinds.
              	// Example: "bucket" for buildbucket bucket, "package" for CIPD package.
              	//
              	// For implementers:
              	// Kind must match regexp `^[a-z\-/]+$`.
              	Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
              	// Comment provides more info about the resource.
              	Comment string `protobuf:"bytes,2,opt,name=comment,proto3" json:"comment,omitempty"`
              	// Actions defines all possible actions that can be performed on this type
              	// of resource.
              	//
              	// Map key is an action ID, unique within the resource.
              	// It is referenced from Role.allowed_actions.
              	//
              	// For implementers:
              	// ActionId must match regexp `^[A-Z\_]+$`.
              	// Recommendations:
              	// - "READ", not "GET"
              	// - "DELETE", not "REMOVE"
              	// - prefer concrete actions ("ADD_BUILD", "CHANGE_ACL", "INCREMENT") to
              	//   abstract ones ("MODIFY", "WRITE", "UPDATE").
              	Actions map[string]*DescriptionResponse_ResourceDescription_Action `` /* 155-byte string literal not displayed */
              	// Roles maps a role id to a set of actions.
              	// Access configurations are typically expressed with roles, not actions.
              	//
              	// For implementers:
              	// Role IDs must match regexp `^[A-Z\_]+$`.
              	// Recommendataion: if it makes sense, make role ID close to the action
              	// names, e.g. READER can READ, SCHEDULER can SCHEDULE.
              	Roles map[string]*DescriptionResponse_ResourceDescription_Role `` /* 151-byte string literal not displayed */
              	// contains filtered or unexported fields
              }

                ResourceDescription is one resource type, e.g. buildbucket bucket or swarming pool.

                func (*DescriptionResponse_ResourceDescription) Descriptor

                func (*DescriptionResponse_ResourceDescription) Descriptor() ([]byte, []int)

                  Deprecated: Use DescriptionResponse_ResourceDescription.ProtoReflect.Descriptor instead.

                  func (*DescriptionResponse_ResourceDescription) GetActions

                  func (*DescriptionResponse_ResourceDescription) GetComment

                  func (*DescriptionResponse_ResourceDescription) GetKind

                  func (*DescriptionResponse_ResourceDescription) GetRoles

                  func (*DescriptionResponse_ResourceDescription) ProtoMessage

                  func (*DescriptionResponse_ResourceDescription) ProtoReflect

                  func (*DescriptionResponse_ResourceDescription) Reset

                  func (*DescriptionResponse_ResourceDescription) String

                  type DescriptionResponse_ResourceDescription_Action

                  type DescriptionResponse_ResourceDescription_Action struct {
                  
                  	// Comment provides more human-readable info about the action.
                  	Comment string `protobuf:"bytes,1,opt,name=comment,proto3" json:"comment,omitempty"`
                  	// contains filtered or unexported fields
                  }

                    Action describes what a user can do with a resource.

                    func (*DescriptionResponse_ResourceDescription_Action) Descriptor

                      Deprecated: Use DescriptionResponse_ResourceDescription_Action.ProtoReflect.Descriptor instead.

                      func (*DescriptionResponse_ResourceDescription_Action) GetComment

                      func (*DescriptionResponse_ResourceDescription_Action) ProtoMessage

                      func (*DescriptionResponse_ResourceDescription_Action) ProtoReflect

                      func (*DescriptionResponse_ResourceDescription_Action) Reset

                      func (*DescriptionResponse_ResourceDescription_Action) String

                      type DescriptionResponse_ResourceDescription_Role

                      type DescriptionResponse_ResourceDescription_Role struct {
                      
                      	// AllowedActions is a set of action IDs.
                      	// It defines what a role bearer can do with the resource.
                      	AllowedActions []string `protobuf:"bytes,1,rep,name=allowed_actions,json=allowedActions,proto3" json:"allowed_actions,omitempty"`
                      	// Comment provides more info about the role.
                      	Comment string `protobuf:"bytes,2,opt,name=comment,proto3" json:"comment,omitempty"`
                      	// contains filtered or unexported fields
                      }

                        Role is a named set of allowed actions.

                        func (*DescriptionResponse_ResourceDescription_Role) Descriptor

                          Deprecated: Use DescriptionResponse_ResourceDescription_Role.ProtoReflect.Descriptor instead.

                          func (*DescriptionResponse_ResourceDescription_Role) GetAllowedActions

                          func (x *DescriptionResponse_ResourceDescription_Role) GetAllowedActions() []string

                          func (*DescriptionResponse_ResourceDescription_Role) GetComment

                          func (*DescriptionResponse_ResourceDescription_Role) ProtoMessage

                          func (*DescriptionResponse_ResourceDescription_Role) ProtoReflect

                          func (*DescriptionResponse_ResourceDescription_Role) Reset

                          func (*DescriptionResponse_ResourceDescription_Role) String

                          type PermittedActionsRequest

                          type PermittedActionsRequest struct {
                          
                          	// ResourceKind is one of Resource.kind values returned by Access.Description.
                          	// It identifies the type of the resource being checked.
                          	ResourceKind string `protobuf:"bytes,1,opt,name=resource_kind,json=resourceKind,proto3" json:"resource_kind,omitempty"`
                          	// ResourceIds identifies the resources presented on this service.
                          	// For example, for a buildbucket bucket it would be a bucket name
                          	// ("luci.chromium.try").
                          	// For a CIPD package it would be a full package name,
                          	// "infra/git/linux-amd64".
                          	ResourceIds []string `protobuf:"bytes,2,rep,name=resource_ids,json=resourceIds,proto3" json:"resource_ids,omitempty"`
                          	// contains filtered or unexported fields
                          }

                            PermittedActionsRequest is a request message to Access.PermittedActions.

                            Besides explicit fields in the message, there is an implicit parameter: the current identity which is defined by the "Authorization" OAuth 2.0 HTTP header and, optionally, LUCI-specific delegation token header.

                            func (*PermittedActionsRequest) Descriptor

                            func (*PermittedActionsRequest) Descriptor() ([]byte, []int)

                              Deprecated: Use PermittedActionsRequest.ProtoReflect.Descriptor instead.

                              func (*PermittedActionsRequest) GetResourceIds

                              func (x *PermittedActionsRequest) GetResourceIds() []string

                              func (*PermittedActionsRequest) GetResourceKind

                              func (x *PermittedActionsRequest) GetResourceKind() string

                              func (*PermittedActionsRequest) ProtoMessage

                              func (*PermittedActionsRequest) ProtoMessage()

                              func (*PermittedActionsRequest) ProtoReflect

                              func (x *PermittedActionsRequest) ProtoReflect() protoreflect.Message

                              func (*PermittedActionsRequest) Reset

                              func (x *PermittedActionsRequest) Reset()

                              func (*PermittedActionsRequest) String

                              func (x *PermittedActionsRequest) String() string

                              type PermittedActionsResponse

                              type PermittedActionsResponse struct {
                              
                              	// Permitted maps a resource id to resource permissions.
                              	Permitted map[string]*PermittedActionsResponse_ResourcePermissions `` /* 159-byte string literal not displayed */
                              	// ValiditiyDuration specifies for how long clients may cache this
                              	// information.
                              	ValidityDuration *durationpb.Duration `protobuf:"bytes,2,opt,name=validity_duration,json=validityDuration,proto3" json:"validity_duration,omitempty"`
                              	// contains filtered or unexported fields
                              }

                                PermittedActionsResponse is the response message of the Accses.PermittedActions.

                                func (*PermittedActionsResponse) Descriptor

                                func (*PermittedActionsResponse) Descriptor() ([]byte, []int)

                                  Deprecated: Use PermittedActionsResponse.ProtoReflect.Descriptor instead.

                                  func (*PermittedActionsResponse) GetPermitted

                                  func (*PermittedActionsResponse) GetValidityDuration

                                  func (x *PermittedActionsResponse) GetValidityDuration() *durationpb.Duration

                                  func (*PermittedActionsResponse) ProtoMessage

                                  func (*PermittedActionsResponse) ProtoMessage()

                                  func (*PermittedActionsResponse) ProtoReflect

                                  func (x *PermittedActionsResponse) ProtoReflect() protoreflect.Message

                                  func (*PermittedActionsResponse) Reset

                                  func (x *PermittedActionsResponse) Reset()

                                  func (*PermittedActionsResponse) String

                                  func (x *PermittedActionsResponse) String() string

                                  type PermittedActionsResponse_ResourcePermissions

                                  type PermittedActionsResponse_ResourcePermissions struct {
                                  
                                  	// Actions is a list of action ids that the user can do on the resource.
                                  	// For resources that do not exist, this list must be empty.
                                  	Actions []string `protobuf:"bytes,1,rep,name=actions,proto3" json:"actions,omitempty"`
                                  	// contains filtered or unexported fields
                                  }

                                    ResourcePermissions describes what is permitted on a single resource.

                                    func (*PermittedActionsResponse_ResourcePermissions) Descriptor

                                      Deprecated: Use PermittedActionsResponse_ResourcePermissions.ProtoReflect.Descriptor instead.

                                      func (*PermittedActionsResponse_ResourcePermissions) GetActions

                                      func (*PermittedActionsResponse_ResourcePermissions) ProtoMessage

                                      func (*PermittedActionsResponse_ResourcePermissions) ProtoReflect

                                      func (*PermittedActionsResponse_ResourcePermissions) Reset

                                      func (*PermittedActionsResponse_ResourcePermissions) String

                                      type UnimplementedAccessServer

                                      type UnimplementedAccessServer struct {
                                      }

                                        UnimplementedAccessServer can be embedded to have forward compatible implementations.

                                        func (*UnimplementedAccessServer) Description

                                        func (*UnimplementedAccessServer) PermittedActions