// File header for the Metropolis authorization extension: the custom
// MethodOptions extension and its supporting types are defined below.
syntax = "proto3";

package metropolis.proto.ext;

import "google/protobuf/descriptor.proto";

option go_package = "source.monogon.dev/metropolis/proto/ext";
// Method-level hook for attaching an Authorization policy to an RPC. It is
// normally set inside an `rpc` block, e.g.
// `option (metropolis.proto.ext.authorization) = { ... };`.
extend google.protobuf.MethodOptions {
    // Set authorization policy for this RPC. If not set but the service is
    // configured to use authorization, the default/zero value of the
    // Authorization message will be used (effectively allowing all
    // authenticated users).
    //
    // NOTE(review): that default is fail-open for any authenticated identity
    // rather than deny-by-default, so an RPC that omits this option is
    // callable by every authenticated caller. Setting the option explicitly
    // on every RPC of an authorization-enabled service keeps the policy
    // visible and reviewable at the definition site.
    Authorization authorization = 1000;
}
// Permission is a combined activity/object that an identity can perform in the
// cluster.
//
// MVP: this might get replaced with a full activity/object split later on.
//
// The numeric values are wire-stable identifiers: append new permissions with
// fresh numbers and reserve the number and name of any permission that is
// removed; never renumber or reuse. Unknown (future) values round-trip as
// integers in proto3, so a policy check that meets a value it does not
// recognize should treat that permission as not granted.
//
// The meaning of each value is enforced by the server-side checks that
// consult it; the names are the only description visible in this file.
enum Permission {
    // Zero value. Grants nothing and should not appear in a policy.
    PERMISSION_UNSPECIFIED = 0;
    // Obtain a register ticket.
    PERMISSION_GET_REGISTER_TICKET = 1;
    // Read cluster status.
    PERMISSION_READ_CLUSTER_STATUS = 2;
    // Update the calling node's own record.
    PERMISSION_UPDATE_NODE_SELF = 3;
    // Approve a node.
    PERMISSION_APPROVE_NODE = 4;
}
// Authorization policy for an RPC method. This message/API does not have the
// same stability guarantees as the rest of Metropolis APIs - it is internal,
// might change in wire and text incompatible ways and should not be used by
// consumers of the API.
//
// Evaluation summary, as described by the field comments below:
//   - `need` non-empty: the caller must be authenticated and hold the
//     permissions listed (presumably all of them - confirm against the
//     server-side check); `allow_unauthenticated` is ignored.
//   - `need` empty, `allow_unauthenticated` false (the zero-value policy):
//     any authenticated caller is allowed.
//   - `need` empty, `allow_unauthenticated` true: anyone with network
//     connectivity to the cluster is allowed.
message Authorization {
    // Set of permissions required from the caller. PERMISSION_UNSPECIFIED
    // carries no permission and should not be listed here.
    repeated Permission need = 1;
    // If set, this API can be called unauthorized and unauthenticated, thereby
    // allowing full access to anyone, including public access by anyone with
    // network connectivity to the cluster. Ignored if `need` is non-empty.
    //
    // This is a proto3 bool with implicit presence: unset and false are the
    // same value on the wire, so the safe default cannot be distinguished
    // from an explicit "false".
    bool allow_unauthenticated = 2;
}
39}