access

type AccessClient interface {
	// PermittedActions returns a list of actions the requester can perform
	// on a given resource.
	PermittedActions(ctx context.Context, in *PermittedActionsRequest, opts ...grpc.CallOption) (*PermittedActionsResponse, error)
	// Description returns types of resources and actions that this service
	// supports.
	// It is intended to be used as self-documentation, for humans that play
	// with the API.
	// If the concepts returned by this RPC are internal, it should be restricted.
	Description(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*DescriptionResponse, error)
}

type AccessServer interface {
	// PermittedActions returns a list of actions the requester can perform
	// on a given resource.
	PermittedActions(context.Context, *PermittedActionsRequest) (*PermittedActionsResponse, error)
	// Description returns types of resources and actions that this service
	// supports.
	// It is intended to be used as self-documentation, for humans that play
	// with the API.
	// If the concepts returned by this RPC are internal, it should be restricted.
	Description(context.Context, *emptypb.Empty) (*DescriptionResponse, error)
}

type DescriptionResponse struct {

	// Resources is a list of resource types presented on the given service.
	Resources []*DescriptionResponse_ResourceDescription `protobuf:"bytes,1,rep,name=resources,proto3" json:"resources,omitempty"`
	// contains filtered or unexported fields
}

type DescriptionResponse_ResourceDescription struct {

	// Kind identifies the resource type presented on the service.
	// Access.PermittedActions accepts one of resource kinds.
	// Example: "bucket" for buildbucket bucket, "package" for CIPD package.
	//
	// For implementers:
	// Kind must match regexp `^[a-z\-/]+$`.
	Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
	// Comment provides more info about the resource.
	Comment string `protobuf:"bytes,2,opt,name=comment,proto3" json:"comment,omitempty"`
	// Actions defines all possible actions that can be performed on this type
	// of resource.
	//
	// Map key is an action ID, unique within the resource.
	// It is referenced from Role.allowed_actions.
	//
	// For implementers:
	// ActionId must match regexp `^[A-Z\_]+$`.
	// Recommendations:
	// - "READ", not "GET"
	// - "DELETE", not "REMOVE"
	// - prefer concrete actions ("ADD_BUILD", "CHANGE_ACL", "INCREMENT") to
	//   abstract ones ("MODIFY", "WRITE", "UPDATE").
	Actions map[string]*DescriptionResponse_ResourceDescription_Action `` /* 155-byte string literal not displayed */
	// Roles maps a role id to a set of actions.
	// Access configurations are typically expressed with roles, not actions.
	//
	// For implementers:
	// Role IDs must match regexp `^[A-Z\_]+$`.
	// Recommendataion: if it makes sense, make role ID close to the action
	// names, e.g. READER can READ, SCHEDULER can SCHEDULE.
	Roles map[string]*DescriptionResponse_ResourceDescription_Role `` /* 151-byte string literal not displayed */
	// contains filtered or unexported fields
}

type DescriptionResponse_ResourceDescription_Action struct {

	// Comment provides more human-readable info about the action.
	Comment string `protobuf:"bytes,1,opt,name=comment,proto3" json:"comment,omitempty"`
	// contains filtered or unexported fields
}

type DescriptionResponse_ResourceDescription_Role struct {

	// AllowedActions is a set of action IDs.
	// It defines what a role bearer can do with the resource.
	AllowedActions []string `protobuf:"bytes,1,rep,name=allowed_actions,json=allowedActions,proto3" json:"allowed_actions,omitempty"`
	// Comment provides more info about the role.
	Comment string `protobuf:"bytes,2,opt,name=comment,proto3" json:"comment,omitempty"`
	// contains filtered or unexported fields
}

type PermittedActionsRequest struct {

	// ResourceKind is one of Resource.kind values returned by Access.Description.
	// It identifies the type of the resource being checked.
	ResourceKind string `protobuf:"bytes,1,opt,name=resource_kind,json=resourceKind,proto3" json:"resource_kind,omitempty"`
	// ResourceIds identifies the resources presented on this service.
	// For example, for a buildbucket bucket it would be a bucket name
	// ("luci.chromium.try").
	// For a CIPD package it would be a full package name,
	// "infra/git/linux-amd64".
	ResourceIds []string `protobuf:"bytes,2,rep,name=resource_ids,json=resourceIds,proto3" json:"resource_ids,omitempty"`
	// contains filtered or unexported fields
}

type PermittedActionsResponse struct {

	// Permitted maps a resource id to resource permissions.
	Permitted map[string]*PermittedActionsResponse_ResourcePermissions `` /* 159-byte string literal not displayed */
	// ValiditiyDuration specifies for how long clients may cache this
	// information.
	ValidityDuration *durationpb.Duration `protobuf:"bytes,2,opt,name=validity_duration,json=validityDuration,proto3" json:"validity_duration,omitempty"`
	// contains filtered or unexported fields
}

type PermittedActionsResponse_ResourcePermissions struct {

	// Actions is a list of action ids that the user can do on the resource.
	// For resources that do not exist, this list must be empty.
	Actions []string `protobuf:"bytes,1,rep,name=actions,proto3" json:"actions,omitempty"`
	// contains filtered or unexported fields
}

type UnimplementedAccessServer struct {
}