| syntax = "proto3"; |
| package metropolis.proto.ext; |
| option go_package = "source.monogon.dev/metropolis/proto/ext"; |
| |
| import "google/protobuf/descriptor.proto"; |
| |
| extend google.protobuf.MethodOptions { |
| // Set authorization policy for this RPC. If not set but the service is |
| // configured to use authorization, the default/zero value of the |
| // Authorization message will be used (effectively allowing all |
| // authenticated users). |
| Authorization authorization = 1000; |
| } |
| |
| |
| // Permission is a combined activity/object that an identity can perform in the |
| // cluster. |
| // |
| // MVP: this might get replaced with a full activity/object split later on. |
| enum Permission { |
| PERMISSION_UNSPECIFIED = 0; |
| PERMISSION_GET_REGISTER_TICKET = 1; |
| PERMISSION_READ_CLUSTER_STATUS = 2; |
| PERMISSION_UPDATE_NODE_SELF = 3; |
| PERMISSION_APPROVE_NODE = 4; |
| PERMISSION_UPDATE_NODE_ROLES = 5; |
| PERMISSION_READ_NODE_LOGS = 6; |
| } |
| |
| // Authorization policy for an RPC method. This message/API does not have the |
| // same stability guarantees as the rest of Metropolis APIs - it is internal, |
| // might change in wire and text incompatible ways and should not be used by |
| // consumers of the API. |
| message Authorization { |
| // Set of permissions required from the caller. |
| repeated Permission need = 1; |
| // If set, this API can be called unauthorized and unauthenticated, thereby |
| // allowing full access to anyone, including public access by anyone with |
| // network connectivity to the cluster.. Ignored if `need` is non-empty. |
| bool allow_unauthenticated = 2; |
| } |