metropolis/proto/ext/authorization.proto

syntax = "proto3";
package metropolis.proto.ext;
option go_package = "source.monogon.dev/metropolis/proto/ext";

import "google/protobuf/descriptor.proto";

extend google.protobuf.MethodOptions {
    // Set authorization policy for this RPC. If not set but the service is
    // configured to use authorization, the default/zero value of the
    // Authorization message will be used (effectively allowing all
    // authenticated users).
    Authorization authorization = 1000;
}


// Permission is a combined activity/object that an identity can perform in the
// cluster.
//
// MVP: this might get replaced with a full activity/object split later on.
enum Permission {
    PERMISSION_UNSPECIFIED = 0;
    PERMISSION_GET_REGISTER_TICKET = 1;
    PERMISSION_READ_CLUSTER_STATUS = 2;
    PERMISSION_UPDATE_NODE_SELF = 3;
    PERMISSION_APPROVE_NODE = 4;
    PERMISSION_UPDATE_NODE_ROLES = 5;
    PERMISSION_READ_NODE_LOGS = 6;
    PERMISSION_UPDATE_NODE = 7;
    PERMISSION_DECOMMISSION_NODE = 8;
    PERMISSION_DELETE_NODE = 9;
}

// Authorization policy for an RPC method. This message/API does not have the
// same stability guarantees as the rest of Metropolis APIs - it is internal,
// might change in wire and text incompatible ways and should not be used by
// consumers of the API.
message Authorization {
    // Set of permissions required from the caller.
    repeated Permission need = 1;
    // If set, this API can be called unauthorized and unauthenticated, thereby
    // allowing full access to anyone, including public access by anyone with
    // network connectivity to the cluster.. Ignored if `need` is non-empty.
    bool allow_unauthenticated = 2;
}