
package protocol

import "go.chromium.org/luci/server/auth/service/protocol"

Index

Package Files

generate.go replication.pb.go security_config.pb.go

Variables

// ReplicationPushResponse_ErrorCode_name maps each numeric error code to its
// name. Indexing with a number that is not listed yields "".
var ReplicationPushResponse_ErrorCode_name = map[int32]string{
    0:  "ERROR_UNKNOWN",
    1:  "NOT_A_REPLICA",
    2:  "FORBIDDEN",
    3:  "MISSING_SIGNATURE",
    4:  "BAD_SIGNATURE",
    5:  "BAD_REQUEST",
}
// ReplicationPushResponse_ErrorCode_value maps each error code name to its
// number. A single-value index with an unlisted name yields 0, the number of
// ERROR_UNKNOWN; use the two-value form (v, ok := m[name]) to tell them apart.
var ReplicationPushResponse_ErrorCode_value = map[string]int32{
    "ERROR_UNKNOWN":     0,
    "NOT_A_REPLICA":     1,
    "FORBIDDEN":         2,
    "MISSING_SIGNATURE": 3,
    "BAD_SIGNATURE":     4,
    "BAD_REQUEST":       5,
}
// ReplicationPushResponse_Status_name maps each numeric push status to its
// name. Indexing with a number that is not listed yields "".
var ReplicationPushResponse_Status_name = map[int32]string{
    0:  "APPLIED",
    1:  "SKIPPED",
    2:  "TRANSIENT_ERROR",
    3:  "FATAL_ERROR",
}
// ReplicationPushResponse_Status_value maps each push status name to its
// number. A single-value index with an unlisted name yields 0, which is
// APPLIED, so an unrecognized name must be detected with the two-value form
// (v, ok := m[name]) rather than being read as a successful push.
var ReplicationPushResponse_Status_value = map[string]int32{
    "APPLIED":         0,
    "SKIPPED":         1,
    "TRANSIENT_ERROR": 2,
    "FATAL_ERROR":     3,
}
// ServiceLinkResponse_Status_name maps each numeric link status to its name.
// Indexing with a number that is not listed yields "".
var ServiceLinkResponse_Status_name = map[int32]string{
    0:  "SUCCESS",
    1:  "TRANSPORT_ERROR",
    2:  "BAD_TICKET",
    3:  "AUTH_ERROR",
}
// ServiceLinkResponse_Status_value maps each link status name to its number.
// A single-value index with an unlisted name yields 0, which is SUCCESS, so
// an unrecognized name must be detected with the two-value form
// (v, ok := m[name]) rather than being read as a successful link.
var ServiceLinkResponse_Status_value = map[string]int32{
    "SUCCESS":         0,
    "TRANSPORT_ERROR": 1,
    "BAD_TICKET":      2,
    "AUTH_ERROR":      3,
}

type AuthDB Uses

// AuthDB is the full set of auth configuration that gets replicated: OAuth2
// client settings, groups, IP whitelists and their per-account assignments,
// the token server URL and a serialized SecurityConfig.
//
// The XXX_-prefixed fields carry the `json:"-"` tag and are therefore left out
// of JSON output.
type AuthDB struct {
    // OAuth2 client_id to use to mint new OAuth2 tokens.
    OauthClientId string `protobuf:"bytes,1,opt,name=oauth_client_id,json=oauthClientId,proto3" json:"oauth_client_id,omitempty"`
    // OAuth2 client secret. Not so secret really, since it's passed to clients.
    // NOTE(review): given that, it presumably must not be the only thing that
    // authenticates a caller; confirm against the consumers of this field.
    OauthClientSecret string `protobuf:"bytes,2,opt,name=oauth_client_secret,json=oauthClientSecret,proto3" json:"oauth_client_secret,omitempty"`
    // Additional OAuth2 client_ids allowed to access the services.
    OauthAdditionalClientIds []string `protobuf:"bytes,3,rep,name=oauth_additional_client_ids,json=oauthAdditionalClientIds,proto3" json:"oauth_additional_client_ids,omitempty"`
    // All groups.
    Groups []*AuthGroup `protobuf:"bytes,4,rep,name=groups,proto3" json:"groups,omitempty"`
    // All IP whitelists.
    IpWhitelists []*AuthIPWhitelist `protobuf:"bytes,6,rep,name=ip_whitelists,json=ipWhitelists,proto3" json:"ip_whitelists,omitempty"`
    // Mapping 'account -> IP whitelist to use for that account'.
    IpWhitelistAssignments []*AuthIPWhitelistAssignment `protobuf:"bytes,7,rep,name=ip_whitelist_assignments,json=ipWhitelistAssignments,proto3" json:"ip_whitelist_assignments,omitempty"`
    // URL of a token server to use to generate delegation tokens.
    TokenServerUrl string `protobuf:"bytes,8,opt,name=token_server_url,json=tokenServerUrl,proto3" json:"token_server_url,omitempty"`
    // Serialized security_config.SecurityConfig proto with security-related
    // configuration to distribute across all services.
    //
    // It is distributed in a serialized form to make sure old services ingest it
    // fully, even if they don't understand some SecurityConfig proto fields
    // (yet). As soon as their code is updated, they SHOULD start using all
    // SecurityConfig fields, without waiting for another push from Auth Service.
    //
    // If we use SecurityConfig directly here, old services would just drop fields
    // they don't understand when accepting an AuthDB push.
    //
    // The field is plain bytes: nothing in this struct parses it, so a consumer
    // has to unmarshal it into SecurityConfig itself and handle a parse failure.
    SecurityConfig       []byte   `protobuf:"bytes,9,opt,name=security_config,json=securityConfig,proto3" json:"security_config,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

An entire database of auth configuration that is being replicated.

func (*AuthDB) Descriptor Uses

func (*AuthDB) Descriptor() ([]byte, []int)

func (*AuthDB) GetGroups Uses

func (m *AuthDB) GetGroups() []*AuthGroup

func (*AuthDB) GetIpWhitelistAssignments Uses

func (m *AuthDB) GetIpWhitelistAssignments() []*AuthIPWhitelistAssignment

func (*AuthDB) GetIpWhitelists Uses

func (m *AuthDB) GetIpWhitelists() []*AuthIPWhitelist

func (*AuthDB) GetOauthAdditionalClientIds Uses

func (m *AuthDB) GetOauthAdditionalClientIds() []string

func (*AuthDB) GetOauthClientId Uses

func (m *AuthDB) GetOauthClientId() string

func (*AuthDB) GetOauthClientSecret Uses

func (m *AuthDB) GetOauthClientSecret() string

func (*AuthDB) GetSecurityConfig Uses

func (m *AuthDB) GetSecurityConfig() []byte

func (*AuthDB) GetTokenServerUrl Uses

func (m *AuthDB) GetTokenServerUrl() string

func (*AuthDB) ProtoMessage Uses

func (*AuthDB) ProtoMessage()

func (*AuthDB) Reset Uses

func (m *AuthDB) Reset()

func (*AuthDB) String Uses

func (m *AuthDB) String() string

func (*AuthDB) XXX_DiscardUnknown Uses

func (m *AuthDB) XXX_DiscardUnknown()

func (*AuthDB) XXX_Marshal Uses

func (m *AuthDB) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthDB) XXX_Merge Uses

func (m *AuthDB) XXX_Merge(src proto.Message)

func (*AuthDB) XXX_Size Uses

func (m *AuthDB) XXX_Size() int

func (*AuthDB) XXX_Unmarshal Uses

func (m *AuthDB) XXX_Unmarshal(b []byte) error

type AuthDBRevision Uses

// AuthDBRevision identifies one revision of the auth DB: which Primary holds
// it, its revision number and when it was modified.
//
// The XXX_-prefixed fields carry the `json:"-"` tag and are therefore left out
// of JSON output.
type AuthDBRevision struct {
    // GAE App ID of a service holding primary copy of Auth DB.
    PrimaryId string `protobuf:"bytes,1,opt,name=primary_id,json=primaryId,proto3" json:"primary_id,omitempty"`
    // Revision of Auth DB being pushed.
    AuthDbRev int64 `protobuf:"varint,2,opt,name=auth_db_rev,json=authDbRev,proto3" json:"auth_db_rev,omitempty"`
    // Timestamp of that revision by Primary's clock, microseconds since epoch.
    // The value comes from the sender's clock, not the receiver's.
    ModifiedTs           int64    `protobuf:"varint,3,opt,name=modified_ts,json=modifiedTs,proto3" json:"modified_ts,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

Information about some particular revision of auth DB.

func (*AuthDBRevision) Descriptor Uses

func (*AuthDBRevision) Descriptor() ([]byte, []int)

func (*AuthDBRevision) GetAuthDbRev Uses

func (m *AuthDBRevision) GetAuthDbRev() int64

func (*AuthDBRevision) GetModifiedTs Uses

func (m *AuthDBRevision) GetModifiedTs() int64

func (*AuthDBRevision) GetPrimaryId Uses

func (m *AuthDBRevision) GetPrimaryId() string

func (*AuthDBRevision) ProtoMessage Uses

func (*AuthDBRevision) ProtoMessage()

func (*AuthDBRevision) Reset Uses

func (m *AuthDBRevision) Reset()

func (*AuthDBRevision) String Uses

func (m *AuthDBRevision) String() string

func (*AuthDBRevision) XXX_DiscardUnknown Uses

func (m *AuthDBRevision) XXX_DiscardUnknown()

func (*AuthDBRevision) XXX_Marshal Uses

func (m *AuthDBRevision) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthDBRevision) XXX_Merge Uses

func (m *AuthDBRevision) XXX_Merge(src proto.Message)

func (*AuthDBRevision) XXX_Size Uses

func (m *AuthDBRevision) XXX_Size() int

func (*AuthDBRevision) XXX_Unmarshal Uses

func (m *AuthDBRevision) XXX_Unmarshal(b []byte) error

type AuthGroup Uses

// AuthGroup describes one user group: its explicit members, identity globs,
// nested groups, owning group and creation/modification metadata.
//
// The XXX_-prefixed fields carry the `json:"-"` tag and are therefore left out
// of JSON output.
type AuthGroup struct {
    // Name of the group.
    Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
    // List of members that are explicitly in this group.
    Members []string `protobuf:"bytes,2,rep,name=members,proto3" json:"members,omitempty"`
    // List of identity-glob expressions (like 'user:*@example.com').
    Globs []string `protobuf:"bytes,3,rep,name=globs,proto3" json:"globs,omitempty"`
    // List of nested group names.
    // NOTE(review): these are plain names; nothing in this message rules out a
    // name that refers to no group or a cycle between groups, so membership
    // resolution presumably has to cope with both. Confirm in the consumer.
    Nested []string `protobuf:"bytes,4,rep,name=nested,proto3" json:"nested,omitempty"`
    // Human readable description.
    Description string `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty"`
    // When the group was created. Microseconds since epoch.
    CreatedTs int64 `protobuf:"varint,6,opt,name=created_ts,json=createdTs,proto3" json:"created_ts,omitempty"`
    // Who created the group.
    CreatedBy string `protobuf:"bytes,7,opt,name=created_by,json=createdBy,proto3" json:"created_by,omitempty"`
    // When the group was modified last time. Microseconds since epoch.
    ModifiedTs int64 `protobuf:"varint,8,opt,name=modified_ts,json=modifiedTs,proto3" json:"modified_ts,omitempty"`
    // Who modified the group last time.
    ModifiedBy string `protobuf:"bytes,9,opt,name=modified_by,json=modifiedBy,proto3" json:"modified_by,omitempty"`
    // A name of the group that can modify or delete this group.
    Owners               string   `protobuf:"bytes,10,opt,name=owners,proto3" json:"owners,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

Some user group. Corresponds to AuthGroup entity in model.py.

func (*AuthGroup) Descriptor Uses

func (*AuthGroup) Descriptor() ([]byte, []int)

func (*AuthGroup) GetCreatedBy Uses

func (m *AuthGroup) GetCreatedBy() string

func (*AuthGroup) GetCreatedTs Uses

func (m *AuthGroup) GetCreatedTs() int64

func (*AuthGroup) GetDescription Uses

func (m *AuthGroup) GetDescription() string

func (*AuthGroup) GetGlobs Uses

func (m *AuthGroup) GetGlobs() []string

func (*AuthGroup) GetMembers Uses

func (m *AuthGroup) GetMembers() []string

func (*AuthGroup) GetModifiedBy Uses

func (m *AuthGroup) GetModifiedBy() string

func (*AuthGroup) GetModifiedTs Uses

func (m *AuthGroup) GetModifiedTs() int64

func (*AuthGroup) GetName Uses

func (m *AuthGroup) GetName() string

func (*AuthGroup) GetNested Uses

func (m *AuthGroup) GetNested() []string

func (*AuthGroup) GetOwners Uses

func (m *AuthGroup) GetOwners() string

func (*AuthGroup) ProtoMessage Uses

func (*AuthGroup) ProtoMessage()

func (*AuthGroup) Reset Uses

func (m *AuthGroup) Reset()

func (*AuthGroup) String Uses

func (m *AuthGroup) String() string

func (*AuthGroup) XXX_DiscardUnknown Uses

func (m *AuthGroup) XXX_DiscardUnknown()

func (*AuthGroup) XXX_Marshal Uses

func (m *AuthGroup) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthGroup) XXX_Merge Uses

func (m *AuthGroup) XXX_Merge(src proto.Message)

func (*AuthGroup) XXX_Size Uses

func (m *AuthGroup) XXX_Size() int

func (*AuthGroup) XXX_Unmarshal Uses

func (m *AuthGroup) XXX_Unmarshal(b []byte) error

type AuthIPWhitelist Uses

// AuthIPWhitelist is a named list of IP subnets plus creation/modification
// metadata.
//
// The XXX_-prefixed fields carry the `json:"-"` tag and are therefore left out
// of JSON output.
type AuthIPWhitelist struct {
    // Name of the IP whitelist.
    Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
    // The list of IP subnets.
    // NOTE(review): carried as free-form strings; the expected notation
    // (presumably CIDR) and where it is validated are not visible here. Confirm
    // that a malformed entry is rejected rather than silently ignored.
    Subnets []string `protobuf:"bytes,2,rep,name=subnets,proto3" json:"subnets,omitempty"`
    // Human readable description.
    Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
    // When the list was created. Microseconds since epoch.
    CreatedTs int64 `protobuf:"varint,4,opt,name=created_ts,json=createdTs,proto3" json:"created_ts,omitempty"`
    // Who created the list.
    CreatedBy string `protobuf:"bytes,5,opt,name=created_by,json=createdBy,proto3" json:"created_by,omitempty"`
    // When the list was modified. Microseconds since epoch.
    ModifiedTs int64 `protobuf:"varint,6,opt,name=modified_ts,json=modifiedTs,proto3" json:"modified_ts,omitempty"`
    // Who modified the list the last time.
    ModifiedBy           string   `protobuf:"bytes,7,opt,name=modified_by,json=modifiedBy,proto3" json:"modified_by,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

A named set of whitelisted IP addresses. Corresponds to AuthIPWhitelist entity in model.py.

func (*AuthIPWhitelist) Descriptor Uses

func (*AuthIPWhitelist) Descriptor() ([]byte, []int)

func (*AuthIPWhitelist) GetCreatedBy Uses

func (m *AuthIPWhitelist) GetCreatedBy() string

func (*AuthIPWhitelist) GetCreatedTs Uses

func (m *AuthIPWhitelist) GetCreatedTs() int64

func (*AuthIPWhitelist) GetDescription Uses

func (m *AuthIPWhitelist) GetDescription() string

func (*AuthIPWhitelist) GetModifiedBy Uses

func (m *AuthIPWhitelist) GetModifiedBy() string

func (*AuthIPWhitelist) GetModifiedTs Uses

func (m *AuthIPWhitelist) GetModifiedTs() int64

func (*AuthIPWhitelist) GetName Uses

func (m *AuthIPWhitelist) GetName() string

func (*AuthIPWhitelist) GetSubnets Uses

func (m *AuthIPWhitelist) GetSubnets() []string

func (*AuthIPWhitelist) ProtoMessage Uses

func (*AuthIPWhitelist) ProtoMessage()

func (*AuthIPWhitelist) Reset Uses

func (m *AuthIPWhitelist) Reset()

func (*AuthIPWhitelist) String Uses

func (m *AuthIPWhitelist) String() string

func (*AuthIPWhitelist) XXX_DiscardUnknown Uses

func (m *AuthIPWhitelist) XXX_DiscardUnknown()

func (*AuthIPWhitelist) XXX_Marshal Uses

func (m *AuthIPWhitelist) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthIPWhitelist) XXX_Merge Uses

func (m *AuthIPWhitelist) XXX_Merge(src proto.Message)

func (*AuthIPWhitelist) XXX_Size Uses

func (m *AuthIPWhitelist) XXX_Size() int

func (*AuthIPWhitelist) XXX_Unmarshal Uses

func (m *AuthIPWhitelist) XXX_Unmarshal(b []byte) error

type AuthIPWhitelistAssignment Uses

// AuthIPWhitelistAssignment ties one identity to one IP whitelist by name and
// records why, when and by whom the assignment was made.
//
// The XXX_-prefixed fields carry the `json:"-"` tag and are therefore left out
// of JSON output.
type AuthIPWhitelistAssignment struct {
    // Identity name to limit by IP whitelist.
    Identity string `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
    // Name of IP whitelist to use (see AuthIPWhitelist).
    // NOTE(review): a reference by name only; how a name that matches no
    // AuthIPWhitelist is treated is not visible here. Confirm it does not leave
    // the identity unrestricted.
    IpWhitelist string `protobuf:"bytes,2,opt,name=ip_whitelist,json=ipWhitelist,proto3" json:"ip_whitelist,omitempty"`
    // Why the assignment was created.
    Comment string `protobuf:"bytes,3,opt,name=comment,proto3" json:"comment,omitempty"`
    // When the assignment was created. Microseconds since epoch.
    CreatedTs int64 `protobuf:"varint,4,opt,name=created_ts,json=createdTs,proto3" json:"created_ts,omitempty"`
    // Who created the assignment.
    CreatedBy            string   `protobuf:"bytes,5,opt,name=created_by,json=createdBy,proto3" json:"created_by,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

A pair (identity, IP whitelist name) plus some metadata. Corresponds to AuthIPWhitelistAssignments.Assignment model in model.py.

func (*AuthIPWhitelistAssignment) Descriptor Uses

func (*AuthIPWhitelistAssignment) Descriptor() ([]byte, []int)

func (*AuthIPWhitelistAssignment) GetComment Uses

func (m *AuthIPWhitelistAssignment) GetComment() string

func (*AuthIPWhitelistAssignment) GetCreatedBy Uses

func (m *AuthIPWhitelistAssignment) GetCreatedBy() string

func (*AuthIPWhitelistAssignment) GetCreatedTs Uses

func (m *AuthIPWhitelistAssignment) GetCreatedTs() int64

func (*AuthIPWhitelistAssignment) GetIdentity Uses

func (m *AuthIPWhitelistAssignment) GetIdentity() string

func (*AuthIPWhitelistAssignment) GetIpWhitelist Uses

func (m *AuthIPWhitelistAssignment) GetIpWhitelist() string

func (*AuthIPWhitelistAssignment) ProtoMessage Uses

func (*AuthIPWhitelistAssignment) ProtoMessage()

func (*AuthIPWhitelistAssignment) Reset Uses

func (m *AuthIPWhitelistAssignment) Reset()

func (*AuthIPWhitelistAssignment) String Uses

func (m *AuthIPWhitelistAssignment) String() string

func (*AuthIPWhitelistAssignment) XXX_DiscardUnknown Uses

func (m *AuthIPWhitelistAssignment) XXX_DiscardUnknown()

func (*AuthIPWhitelistAssignment) XXX_Marshal Uses

func (m *AuthIPWhitelistAssignment) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthIPWhitelistAssignment) XXX_Merge Uses

func (m *AuthIPWhitelistAssignment) XXX_Merge(src proto.Message)

func (*AuthIPWhitelistAssignment) XXX_Size Uses

func (m *AuthIPWhitelistAssignment) XXX_Size() int

func (*AuthIPWhitelistAssignment) XXX_Unmarshal Uses

func (m *AuthIPWhitelistAssignment) XXX_Unmarshal(b []byte) error

type ChangeNotification Uses

// ChangeNotification carries the new AuthDB revision and nothing else; the
// database contents are not part of this message.
//
// The XXX_-prefixed fields carry the `json:"-"` tag and are therefore left out
// of JSON output.
type ChangeNotification struct {
    // New revision of the AuthDB.
    // Pointer field: it is nil when the message carries no revision.
    Revision             *AuthDBRevision `protobuf:"bytes,1,opt,name=revision,proto3" json:"revision,omitempty"`
    XXX_NoUnkeyedLiteral struct{}        `json:"-"`
    XXX_unrecognized     []byte          `json:"-"`
    XXX_sizecache        int32           `json:"-"`
}

Published by Primary into 'auth-db-changed' PubSub topic. The body of the message is base64 encoded serialized ChangeNotification. Additional attributes are:

X-AuthDB-SigKey-v1: <id of a public key>
X-AuthDB-SigVal-v1: <base64 encoded RSA-SHA256(blob) signature>

func (*ChangeNotification) Descriptor Uses

func (*ChangeNotification) Descriptor() ([]byte, []int)

func (*ChangeNotification) GetRevision Uses

func (m *ChangeNotification) GetRevision() *AuthDBRevision

func (*ChangeNotification) ProtoMessage Uses

func (*ChangeNotification) ProtoMessage()

func (*ChangeNotification) Reset Uses

func (m *ChangeNotification) Reset()

func (*ChangeNotification) String Uses

func (m *ChangeNotification) String() string

func (*ChangeNotification) XXX_DiscardUnknown Uses

func (m *ChangeNotification) XXX_DiscardUnknown()

func (*ChangeNotification) XXX_Marshal Uses

func (m *ChangeNotification) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ChangeNotification) XXX_Merge Uses

func (m *ChangeNotification) XXX_Merge(src proto.Message)

func (*ChangeNotification) XXX_Size Uses

func (m *ChangeNotification) XXX_Size() int

func (*ChangeNotification) XXX_Unmarshal Uses

func (m *ChangeNotification) XXX_Unmarshal(b []byte) error

type ReplicationPushRequest Uses

// ReplicationPushRequest bundles a revision, the AuthDB for that revision and
// the version of the sender's 'auth' component.
//
// The XXX_-prefixed fields carry the `json:"-"` tag and are therefore left out
// of JSON output.
type ReplicationPushRequest struct {
    // Revision that is being pushed.
    // Pointer field: nil when absent, so check before dereferencing.
    Revision *AuthDBRevision `protobuf:"bytes,1,opt,name=revision,proto3" json:"revision,omitempty"`
    // An entire database of auth configuration for specific revision.
    // Pointer field: nil when absent, so check before dereferencing.
    AuthDb *AuthDB `protobuf:"bytes,2,opt,name=auth_db,json=authDb,proto3" json:"auth_db,omitempty"`
    // Version of 'auth' component on Primary, see components/auth/version.py.
    AuthCodeVersion      string   `protobuf:"bytes,3,opt,name=auth_code_version,json=authCodeVersion,proto3" json:"auth_code_version,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

Sent from Primary to Replica to update Replica's AuthDB.

Primary signs the entire serialized message with its private key and appends two headers to HTTP request that carries the blob:

X-AuthDB-SigKey-v1: <id of a public key>
X-AuthDB-SigVal-v1: <base64 encoded RSA-SHA256(SHA512(blob)) signature>

Binary serialization of ReplicationPushRequest is sometimes misleadingly called "AuthDB blob". It is stored in Datastore (as is) and in Google Storage (as serialized SignedAuthDB) for consumers that do not use Primary -> Replica protocol.

func (*ReplicationPushRequest) Descriptor Uses

func (*ReplicationPushRequest) Descriptor() ([]byte, []int)

func (*ReplicationPushRequest) GetAuthCodeVersion Uses

func (m *ReplicationPushRequest) GetAuthCodeVersion() string

func (*ReplicationPushRequest) GetAuthDb Uses

func (m *ReplicationPushRequest) GetAuthDb() *AuthDB

func (*ReplicationPushRequest) GetRevision Uses

func (m *ReplicationPushRequest) GetRevision() *AuthDBRevision

func (*ReplicationPushRequest) ProtoMessage Uses

func (*ReplicationPushRequest) ProtoMessage()

func (*ReplicationPushRequest) Reset Uses

func (m *ReplicationPushRequest) Reset()

func (*ReplicationPushRequest) String Uses

func (m *ReplicationPushRequest) String() string

func (*ReplicationPushRequest) XXX_DiscardUnknown Uses

func (m *ReplicationPushRequest) XXX_DiscardUnknown()

func (*ReplicationPushRequest) XXX_Marshal Uses

func (m *ReplicationPushRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ReplicationPushRequest) XXX_Merge Uses

func (m *ReplicationPushRequest) XXX_Merge(src proto.Message)

func (*ReplicationPushRequest) XXX_Size Uses

func (m *ReplicationPushRequest) XXX_Size() int

func (*ReplicationPushRequest) XXX_Unmarshal Uses

func (m *ReplicationPushRequest) XXX_Unmarshal(b []byte) error

type ReplicationPushResponse Uses

// ReplicationPushResponse reports how a push was handled: a status, the
// revision the Replica currently has, an error code and the version of the
// Replica's 'auth' component.
//
// The zero value of this struct has Status 0, which is APPLIED, and ErrorCode
// 0, which is ERROR_UNKNOWN. A response that was never filled in therefore
// reads as an applied push, so a caller should not treat Status alone as proof
// that a real response was received.
//
// The XXX_-prefixed fields carry the `json:"-"` tag and are therefore left out
// of JSON output.
type ReplicationPushResponse struct {
    // Overall status of the operation.
    Status ReplicationPushResponse_Status `protobuf:"varint,1,opt,name=status,proto3,enum=components.auth.ReplicationPushResponse_Status" json:"status,omitempty"`
    // Revision known by Replica (set for APPLIED and SKIPPED statuses).
    // Nil for the other statuses, so check before dereferencing.
    CurrentRevision *AuthDBRevision `protobuf:"bytes,2,opt,name=current_revision,json=currentRevision,proto3" json:"current_revision,omitempty"`
    // Present for TRANSIENT_ERROR and FATAL_ERROR statuses.
    // For other statuses it reads as 0 (ERROR_UNKNOWN); look at Status first.
    ErrorCode ReplicationPushResponse_ErrorCode `protobuf:"varint,3,opt,name=error_code,json=errorCode,proto3,enum=components.auth.ReplicationPushResponse_ErrorCode" json:"error_code,omitempty"`
    // Version of 'auth' component on Replica, see components/auth/version.py.
    AuthCodeVersion      string   `protobuf:"bytes,4,opt,name=auth_code_version,json=authCodeVersion,proto3" json:"auth_code_version,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

Replica's response to ReplicationPushRequest.

func (*ReplicationPushResponse) Descriptor Uses

func (*ReplicationPushResponse) Descriptor() ([]byte, []int)

func (*ReplicationPushResponse) GetAuthCodeVersion Uses

func (m *ReplicationPushResponse) GetAuthCodeVersion() string

func (*ReplicationPushResponse) GetCurrentRevision Uses

func (m *ReplicationPushResponse) GetCurrentRevision() *AuthDBRevision

func (*ReplicationPushResponse) GetErrorCode Uses

func (m *ReplicationPushResponse) GetErrorCode() ReplicationPushResponse_ErrorCode

func (*ReplicationPushResponse) GetStatus Uses

func (m *ReplicationPushResponse) GetStatus() ReplicationPushResponse_Status

func (*ReplicationPushResponse) ProtoMessage Uses

func (*ReplicationPushResponse) ProtoMessage()

func (*ReplicationPushResponse) Reset Uses

func (m *ReplicationPushResponse) Reset()

func (*ReplicationPushResponse) String Uses

func (m *ReplicationPushResponse) String() string

func (*ReplicationPushResponse) XXX_DiscardUnknown Uses

func (m *ReplicationPushResponse) XXX_DiscardUnknown()

func (*ReplicationPushResponse) XXX_Marshal Uses

func (m *ReplicationPushResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ReplicationPushResponse) XXX_Merge Uses

func (m *ReplicationPushResponse) XXX_Merge(src proto.Message)

func (*ReplicationPushResponse) XXX_Size Uses

func (m *ReplicationPushResponse) XXX_Size() int

func (*ReplicationPushResponse) XXX_Unmarshal Uses

func (m *ReplicationPushResponse) XXX_Unmarshal(b []byte) error

type ReplicationPushResponse_ErrorCode Uses

type ReplicationPushResponse_ErrorCode int32

Error codes, for TRANSIENT_ERROR and FATAL_ERROR statuses.

// Values of ReplicationPushResponse_ErrorCode. ERROR_UNKNOWN is 0, the Go zero
// value of the type, so it is also what a field that was never set reads as.
const (
    // Some unrecognized error.
    ReplicationPushResponse_ERROR_UNKNOWN ReplicationPushResponse_ErrorCode = 0
    // Trying to push an update to service that is not a replica.
    ReplicationPushResponse_NOT_A_REPLICA ReplicationPushResponse_ErrorCode = 1
    // Replica doesn't know about the service that is pushing the update.
    ReplicationPushResponse_FORBIDDEN ReplicationPushResponse_ErrorCode = 2
    // Signature headers are missing.
    ReplicationPushResponse_MISSING_SIGNATURE ReplicationPushResponse_ErrorCode = 3
    // Signature is not valid.
    ReplicationPushResponse_BAD_SIGNATURE ReplicationPushResponse_ErrorCode = 4
    // Format of the request is not valid.
    ReplicationPushResponse_BAD_REQUEST ReplicationPushResponse_ErrorCode = 5
)

func (ReplicationPushResponse_ErrorCode) EnumDescriptor Uses

func (ReplicationPushResponse_ErrorCode) EnumDescriptor() ([]byte, []int)

func (ReplicationPushResponse_ErrorCode) String Uses

func (x ReplicationPushResponse_ErrorCode) String() string

type ReplicationPushResponse_Status Uses

type ReplicationPushResponse_Status int32

Overall status of the operation.

// Values of ReplicationPushResponse_Status. APPLIED is 0, the Go zero value of
// the type, so a status that was never set is indistinguishable from APPLIED.
const (
    // Replica accepted the push request and updated its copy of auth db.
    ReplicationPushResponse_APPLIED ReplicationPushResponse_Status = 0
    // Replica has a newer version of AuthDB, the push request is skipped.
    ReplicationPushResponse_SKIPPED ReplicationPushResponse_Status = 1
    // Non fatal error happened, the push request may be retried.
    ReplicationPushResponse_TRANSIENT_ERROR ReplicationPushResponse_Status = 2
    // Fatal error happened, the push request must not be retried.
    ReplicationPushResponse_FATAL_ERROR ReplicationPushResponse_Status = 3
)

func (ReplicationPushResponse_Status) EnumDescriptor Uses

func (ReplicationPushResponse_Status) EnumDescriptor() ([]byte, []int)

func (ReplicationPushResponse_Status) String Uses

func (x ReplicationPushResponse_Status) String() string

type SecurityConfig Uses

// SecurityConfig holds security-related configuration; the only setting shown
// here is the list of hostname patterns that mark a host as internal to the
// LUCI deployment.
//
// The XXX_-prefixed fields carry the `json:"-"` tag and are therefore left out
// of JSON output.
type SecurityConfig struct {
    // A list of regular expressions matching hostnames that should be recognized
    // as being a part of single LUCI deployment.
    //
    // Different microservices within a single LUCI deployment may trust each
    // other. This setting (coupled with the TLS certificate check) allows
    // a service to recognize that a target of an RPC is another internal service
    // belonging to the same LUCI deployment.
    //
    // '^' and '$' are implied. The regexp language is intersection of Python and
    // Golang regexp languages and thus should use only very standard features
    // common to both.
    //
    // Example: "(.*-dot-)?chromium-swarm\.appspot\.com".
    //
    // Because a match extends trust to the host, each pattern should be as narrow
    // as the example: literal dots escaped (an unescaped '.' matches any
    // character) and no wildcard at the end of the hostname.
    // NOTE(review): the anchors are only "implied", so the code that compiles
    // these patterns presumably has to add them itself; confirm it does, since
    // an unanchored match would accept a hostname that merely contains the
    // pattern.
    InternalServiceRegexp []string `protobuf:"bytes,1,rep,name=internal_service_regexp,json=internalServiceRegexp,proto3" json:"internal_service_regexp,omitempty"`
    XXX_NoUnkeyedLiteral  struct{} `json:"-"`
    XXX_unrecognized      []byte   `json:"-"`
    XXX_sizecache         int32    `json:"-"`
}

SecurityConfig is read from 'security.cfg' by Auth Service and distributed to all linked services (in its serialized form) as part of AuthDB proto.

See AuthDB.security_config in replication.proto.

func (*SecurityConfig) Descriptor Uses

func (*SecurityConfig) Descriptor() ([]byte, []int)

func (*SecurityConfig) GetInternalServiceRegexp Uses

func (m *SecurityConfig) GetInternalServiceRegexp() []string

func (*SecurityConfig) ProtoMessage Uses

func (*SecurityConfig) ProtoMessage()

func (*SecurityConfig) Reset Uses

func (m *SecurityConfig) Reset()

func (*SecurityConfig) String Uses

func (m *SecurityConfig) String() string

func (*SecurityConfig) XXX_DiscardUnknown Uses

func (m *SecurityConfig) XXX_DiscardUnknown()

func (*SecurityConfig) XXX_Marshal Uses

func (m *SecurityConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SecurityConfig) XXX_Merge Uses

func (m *SecurityConfig) XXX_Merge(src proto.Message)

func (*SecurityConfig) XXX_Size Uses

func (m *SecurityConfig) XXX_Size() int

func (*SecurityConfig) XXX_Unmarshal Uses

func (m *SecurityConfig) XXX_Unmarshal(b []byte) error

type ServiceLinkRequest Uses

// ServiceLinkRequest carries the linking ticket back to Primary together with
// the URL Primary should use to reach the Replica and the identity of the user
// who started the request.
//
// The XXX_-prefixed fields carry the `json:"-"` tag and are therefore left out
// of JSON output.
type ServiceLinkRequest struct {
    // Same ticket that was passed to Replica via ServiceLinkTicket.
    Ticket []byte `protobuf:"bytes,1,opt,name=ticket,proto3" json:"ticket,omitempty"`
    // URL to use when making requests to Replica from Primary.
    // NOTE(review): this value is supplied by the sender of the request and
    // becomes a destination for Primary's requests; presumably Primary checks
    // it against the replica identity bound to the ticket before using it.
    // Confirm in the handler.
    ReplicaUrl string `protobuf:"bytes,2,opt,name=replica_url,json=replicaUrl,proto3" json:"replica_url,omitempty"`
    // Identity of a user that accepted the ticket and initiated this request.
    // NOTE(review): reported by the sender; whether Primary verifies it or only
    // records it is not visible here.
    InitiatedBy          string   `protobuf:"bytes,3,opt,name=initiated_by,json=initiatedBy,proto3" json:"initiated_by,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

Sent from Replica to Primary via a direct service <-> service HTTP call; the replica's app_id would be available via the X-Appengine-Inbound-Appid header.

func (*ServiceLinkRequest) Descriptor Uses

func (*ServiceLinkRequest) Descriptor() ([]byte, []int)

func (*ServiceLinkRequest) GetInitiatedBy Uses

func (m *ServiceLinkRequest) GetInitiatedBy() string

func (*ServiceLinkRequest) GetReplicaUrl Uses

func (m *ServiceLinkRequest) GetReplicaUrl() string

func (*ServiceLinkRequest) GetTicket Uses

func (m *ServiceLinkRequest) GetTicket() []byte

func (*ServiceLinkRequest) ProtoMessage Uses

func (*ServiceLinkRequest) ProtoMessage()

func (*ServiceLinkRequest) Reset Uses

func (m *ServiceLinkRequest) Reset()

func (*ServiceLinkRequest) String Uses

func (m *ServiceLinkRequest) String() string

func (*ServiceLinkRequest) XXX_DiscardUnknown Uses

func (m *ServiceLinkRequest) XXX_DiscardUnknown()

func (*ServiceLinkRequest) XXX_Marshal Uses

func (m *ServiceLinkRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ServiceLinkRequest) XXX_Merge Uses

func (m *ServiceLinkRequest) XXX_Merge(src proto.Message)

func (*ServiceLinkRequest) XXX_Size Uses

func (m *ServiceLinkRequest) XXX_Size() int

func (*ServiceLinkRequest) XXX_Unmarshal Uses

func (m *ServiceLinkRequest) XXX_Unmarshal(b []byte) error

type ServiceLinkResponse Uses

// ServiceLinkResponse carries only the status of a linking attempt.
//
// The zero value of this struct has Status 0, which is SUCCESS. A response
// that was never filled in therefore reads as a successful link, so a caller
// should not treat Status alone as proof that a real response was received.
//
// The XXX_-prefixed fields carry the `json:"-"` tag and are therefore left out
// of JSON output.
type ServiceLinkResponse struct {
    // Outcome of the linking attempt; see ServiceLinkResponse_Status.
    Status               ServiceLinkResponse_Status `protobuf:"varint,1,opt,name=status,proto3,enum=components.auth.ServiceLinkResponse_Status" json:"status,omitempty"`
    XXX_NoUnkeyedLiteral struct{}                   `json:"-"`
    XXX_unrecognized     []byte                     `json:"-"`
    XXX_sizecache        int32                      `json:"-"`
}

Primary's response to ServiceLinkRequest. Always returned with HTTP code 200.

func (*ServiceLinkResponse) Descriptor Uses

func (*ServiceLinkResponse) Descriptor() ([]byte, []int)

func (*ServiceLinkResponse) GetStatus Uses

func (m *ServiceLinkResponse) GetStatus() ServiceLinkResponse_Status

func (*ServiceLinkResponse) ProtoMessage Uses

func (*ServiceLinkResponse) ProtoMessage()

func (*ServiceLinkResponse) Reset Uses

func (m *ServiceLinkResponse) Reset()

func (*ServiceLinkResponse) String Uses

func (m *ServiceLinkResponse) String() string

func (*ServiceLinkResponse) XXX_DiscardUnknown Uses

func (m *ServiceLinkResponse) XXX_DiscardUnknown()

func (*ServiceLinkResponse) XXX_Marshal Uses

func (m *ServiceLinkResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ServiceLinkResponse) XXX_Merge Uses

func (m *ServiceLinkResponse) XXX_Merge(src proto.Message)

func (*ServiceLinkResponse) XXX_Size Uses

func (m *ServiceLinkResponse) XXX_Size() int

func (*ServiceLinkResponse) XXX_Unmarshal Uses

func (m *ServiceLinkResponse) XXX_Unmarshal(b []byte) error

type ServiceLinkResponse_Status Uses

type ServiceLinkResponse_Status int32

Status codes.

// Values of ServiceLinkResponse_Status. SUCCESS is 0, the Go zero value of the
// type, so a status that was never set is indistinguishable from SUCCESS.
const (
    // The service is now linked and primary will be pushing updates to it.
    ServiceLinkResponse_SUCCESS ServiceLinkResponse_Status = 0
    // Primary does not reply.
    ServiceLinkResponse_TRANSPORT_ERROR ServiceLinkResponse_Status = 1
    // Linking ticket is invalid or expired.
    ServiceLinkResponse_BAD_TICKET ServiceLinkResponse_Status = 2
    // Linking ticket was generated for another app, not the calling one.
    ServiceLinkResponse_AUTH_ERROR ServiceLinkResponse_Status = 3
)

func (ServiceLinkResponse_Status) EnumDescriptor Uses

func (ServiceLinkResponse_Status) EnumDescriptor() ([]byte, []int)

func (ServiceLinkResponse_Status) String Uses

func (x ServiceLinkResponse_Status) String() string

type ServiceLinkTicket Uses

// ServiceLinkTicket is generated by Primary and passed to Replica to initiate
// the linking process.
//
// NOTE(review): the only integrity protection described here is the HMAC tag
// inside the opaque Ticket blob, whose structure is private to Primary.
// Nothing on this type shows primary_id, primary_url or generated_by being
// authenticated. A replica should presumably accept tickets only over a
// trusted channel and validate primary_url before contacting it; confirm
// against the replica implementation.
type ServiceLinkTicket struct {
    // GAE application ID of Primary that generated this ticket. Replica will send
    // ServiceLinkRequest to this service when it processes the ticket.
    PrimaryId string `protobuf:"bytes,1,opt,name=primary_id,json=primaryId,proto3" json:"primary_id,omitempty"`
    // URL to the root page of a primary service, i.e. https://<...>.appspot.com.
    // Useful when testing on dev appserver and on non-default version.
    PrimaryUrl string `protobuf:"bytes,2,opt,name=primary_url,json=primaryUrl,proto3" json:"primary_url,omitempty"`
    // Identity of a user that generated this ticket.
    GeneratedBy string `protobuf:"bytes,3,opt,name=generated_by,json=generatedBy,proto3" json:"generated_by,omitempty"`
    // Opaque blob passed back to Primary in ServiceLinkRequest. Its exact
    // structure is an implementation detail of Primary. It contains app_id of
    // a replica this ticket is intended for, timestamp and HMAC tag.
    //
    // Replica treats this as opaque bytes; validity (including expiry and the
    // intended app) is reported back by Primary via the BAD_TICKET and
    // AUTH_ERROR statuses of ServiceLinkResponse.
    Ticket               []byte   `protobuf:"bytes,4,opt,name=ticket,proto3" json:"ticket,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

Generated by Primary, passed to Replica to initiate linking process.

func (*ServiceLinkTicket) Descriptor Uses

func (*ServiceLinkTicket) Descriptor() ([]byte, []int)

func (*ServiceLinkTicket) GetGeneratedBy Uses

func (m *ServiceLinkTicket) GetGeneratedBy() string

func (*ServiceLinkTicket) GetPrimaryId Uses

func (m *ServiceLinkTicket) GetPrimaryId() string

func (*ServiceLinkTicket) GetPrimaryUrl Uses

func (m *ServiceLinkTicket) GetPrimaryUrl() string

func (*ServiceLinkTicket) GetTicket Uses

func (m *ServiceLinkTicket) GetTicket() []byte

func (*ServiceLinkTicket) ProtoMessage Uses

func (*ServiceLinkTicket) ProtoMessage()

func (*ServiceLinkTicket) Reset Uses

func (m *ServiceLinkTicket) Reset()

func (*ServiceLinkTicket) String Uses

func (m *ServiceLinkTicket) String() string

func (*ServiceLinkTicket) XXX_DiscardUnknown Uses

func (m *ServiceLinkTicket) XXX_DiscardUnknown()

func (*ServiceLinkTicket) XXX_Marshal Uses

func (m *ServiceLinkTicket) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ServiceLinkTicket) XXX_Merge Uses

func (m *ServiceLinkTicket) XXX_Merge(src proto.Message)

func (*ServiceLinkTicket) XXX_Size Uses

func (m *ServiceLinkTicket) XXX_Size() int

func (*ServiceLinkTicket) XXX_Unmarshal Uses

func (m *ServiceLinkTicket) XXX_Unmarshal(b []byte) error

type SignedAuthDB Uses

// SignedAuthDB contains a serialized AuthDB snapshot together with the
// signature and signer metadata needed to verify it.
//
// Only auth_db_blob is covered by the signature. signer_id and signing_key_id
// are unsigned hints that tell the consumer which key to fetch, so the
// expected signer identity must come from the consumer's own configuration,
// never from this message.
type SignedAuthDB struct {
    // Serialized ReplicationPushRequest message with actual data.
    //
    // Contains revision information and AuthDB itself.
    //
    // Treat this as untrusted bytes until the signature check described on
    // the 'signature' field has succeeded; deserialize it only afterwards.
    AuthDbBlob []byte `protobuf:"bytes,1,opt,name=auth_db_blob,json=authDbBlob,proto3" json:"auth_db_blob,omitempty"`
    // Service account name whose key was used to sign the AuthDB blob.
    SignerId string `protobuf:"bytes,2,opt,name=signer_id,json=signerId,proto3" json:"signer_id,omitempty"`
    // ID of the signing key.
    SigningKeyId string `protobuf:"bytes,3,opt,name=signing_key_id,json=signingKeyId,proto3" json:"signing_key_id,omitempty"`
    // The signature of auth_db_blob field.
    //
    // It is RS256(SHA512(auth_db_blob)).
    //
    // Where:
    //   * RS256 is RSASSA-PKCS1-v1_5 using SHA-256, see RS256 algo in RFC7518.
    //   * SHA512 is a byte string (64 bytes) with SHA-512 digest of its input.
    //
    // In other words the RSA signature is computed over the 64-byte SHA-512
    // digest, which RS256 hashes again with SHA-256 internally.
    //
    // Such peculiar structure is due to limitations of GAE signing infrastructure
    // (RS256 function can accept at most 8KB of input).
    //
    // Consumers of SignedAuthDB are expected to do the following:
    //   1. Check 'signer_id' is what they expect.
    //   2. Use https://www.googleapis.com/service_accounts/v1/metadata/x509/...
    //      endpoint to get the signer's public key with ID 'signing_key_id'.
    //   3. Construct to-be-signed string as SHA512(auth_db_blob).
    //   4. Verify 'signature' matches to-be-signed string using the public key
    //      from step 2.
    //
    // Step 1 is what binds the snapshot to a trusted signer: if it is skipped,
    // steps 2-4 only prove that some service account signed the blob. A
    // failure at any step should cause the snapshot to be rejected.
    Signature            []byte   `protobuf:"bytes,4,opt,name=signature,proto3" json:"signature,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

SignedAuthDB contains serialized and signed AuthDB proto.

It is used to store AuthDB snapshots in Google Storage. Signing is used as a defense against unauthorized writes to the storage bucket.

func (*SignedAuthDB) Descriptor Uses

func (*SignedAuthDB) Descriptor() ([]byte, []int)

func (*SignedAuthDB) GetAuthDbBlob Uses

func (m *SignedAuthDB) GetAuthDbBlob() []byte

func (*SignedAuthDB) GetSignature Uses

func (m *SignedAuthDB) GetSignature() []byte

func (*SignedAuthDB) GetSignerId Uses

func (m *SignedAuthDB) GetSignerId() string

func (*SignedAuthDB) GetSigningKeyId Uses

func (m *SignedAuthDB) GetSigningKeyId() string

func (*SignedAuthDB) ProtoMessage Uses

func (*SignedAuthDB) ProtoMessage()

func (*SignedAuthDB) Reset Uses

func (m *SignedAuthDB) Reset()

func (*SignedAuthDB) String Uses

func (m *SignedAuthDB) String() string

func (*SignedAuthDB) XXX_DiscardUnknown Uses

func (m *SignedAuthDB) XXX_DiscardUnknown()

func (*SignedAuthDB) XXX_Marshal Uses

func (m *SignedAuthDB) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SignedAuthDB) XXX_Merge Uses

func (m *SignedAuthDB) XXX_Merge(src proto.Message)

func (*SignedAuthDB) XXX_Size Uses

func (m *SignedAuthDB) XXX_Size() int

func (*SignedAuthDB) XXX_Unmarshal Uses

func (m *SignedAuthDB) XXX_Unmarshal(b []byte) error
