// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
syntax = "proto3";
package hashicorp.consul.acl;
import "annotations/ratelimit/ratelimit.proto";
// ACLService issues Consul ACL tokens in exchange for third-party bearer
// tokens (Login) and revokes them again (Logout).
service ACLService {
  // Login exchanges the presented bearer token for a Consul ACL token using a
  // configured auth method.
  //
  // The bearer token is validated by the auth method named in the request.
  // The response carries the new token's accessor_id and secret_id, so the
  // LoginResponse is itself credential material and must not be logged.
  rpc Login(LoginRequest) returns (LoginResponse) {
    // Classified for the rate-limit spec as an ACL write operation.
    option (hashicorp.consul.internal.ratelimit.spec) = {
      operation_type: OPERATION_TYPE_WRITE,
      operation_category: OPERATION_CATEGORY_ACL
    };
  }

  // Logout destroys the given ACL token once the caller is done with it.
  //
  // The request identifies the token by its secret ID (see LogoutRequest), so
  // request payloads for this RPC are sensitive as well.
  rpc Logout(LogoutRequest) returns (LogoutResponse) {
    // Classified for the rate-limit spec as an ACL write operation.
    option (hashicorp.consul.internal.ratelimit.spec) = {
      operation_type: OPERATION_TYPE_WRITE,
      operation_category: OPERATION_CATEGORY_ACL
    };
  }
}
// LogoutResponse is the (currently empty) result of ACLService.Logout.
// It is a dedicated message so that fields can be added later without
// changing the RPC signature.
message LogoutResponse {}
// LoginRequest carries the credential and routing information for
// ACLService.Login.
message LoginRequest {
  // auth_method is the name of the configured auth method that will be used to
  // validate the presented bearer token.
  string auth_method = 1;

  // bearer_token is a token produced by a trusted identity provider as
  // configured by the auth method.
  //
  // This is a credential: it must not be logged, echoed in error messages, or
  // retained beyond what validation requires.
  string bearer_token = 2;

  // meta is a collection of arbitrary key-value pairs associated to the token,
  // it is useful for tracking the origin of tokens.
  //
  // Keys and values are caller-supplied; treat them as untrusted input and
  // never as a basis for authorization decisions.
  map<string, string> meta = 3;

  // namespace (enterprise only) is the namespace in which the auth method
  // resides.
  string namespace = 4;

  // partition (enterprise only) is the partition in which the auth method
  // resides.
  string partition = 5;

  // datacenter is the target datacenter in which the request will be processed.
  string datacenter = 6;
}
// LoginResponse is the result of a successful ACLService.Login call.
message LoginResponse {
  // token is the generated ACL token.
  //
  // It includes the token's secret_id, so the whole response is credential
  // material and must be handled (and logged) accordingly.
  LoginToken token = 1;
}
// LoginToken is an ACL token issued by ACLService.Login, consisting of a
// public identifier and the secret credential.
message LoginToken {
  // accessor_id is a UUID used to identify the ACL token.
  //
  // This is the non-secret identifier (the credential is secret_id) and is
  // the value to reference in logs and audit records.
  string accessor_id = 1;

  // secret_id is a UUID presented as a credential by clients.
  //
  // This is a secret: it must never be logged or exposed in debug output.
  string secret_id = 2;
}
// LogoutRequest identifies the ACL token to destroy via ACLService.Logout.
message LogoutRequest {
  // token is the ACL token's secret ID.
  //
  // Because this is the secret (not the accessor_id), the request must not be
  // logged; record the accessor_id instead when auditing logouts.
  string token = 1;

  // datacenter is the target datacenter in which the request will be processed.
  string datacenter = 2;
}