open-consul/proto-public/pbacl/acl.proto

syntax = "proto3";

package acl;

import "google/protobuf/empty.proto";

option go_package = "github.com/hashicorp/consul/proto-public/pbacl";

service ACLService {
  // Login exchanges the presented bearer token for a Consul ACL token using a
  // configured auth method.
  rpc Login(LoginRequest) returns (LoginResponse) {}

  // Logout destroys the given ACL token once the caller is done with it.
  rpc Logout(LogoutRequest) returns (google.protobuf.Empty) {}
}

message LoginRequest {
  // auth_method is the name of the configured auth method that will be used to
  // validate the presented bearer token.
  string auth_method = 1;

  // bearer_token is a token produced by a trusted identity provider as
  // configured by the auth method.
  string bearer_token = 2;

  // meta is a collection of arbitrary key-value pairs associated to the token,
  // it is useful for tracking the origin of tokens.
  map<string, string> meta = 3;

  // namespace (enterprise only) is the namespace in which the auth method
  // resides.
  string namespace = 4;

  // partition (enterprise only) is the partition in which the auth method
  // resides.
  string partition = 5;

  // datacenter is the target datacenter in which the request will be processed.
  string datacenter = 6;
}

message LoginResponse {
  // token is the generated ACL token.
  LoginToken token = 1;
}

message LoginToken {
  // accessor_id is a UUID used to identify the ACL token.
  string accessor_id = 1;

  // secret_id is a UUID presented as a credential by clients.
  string secret_id = 2;
}

message LogoutRequest {
  // token is the ACL token's secret ID.
  string token = 1;

  // datacenter is the target datacenter in which the request will be processed.
  string datacenter = 2;
}
acl: gRPC login and logout endpoints (#12935) Introduces two new public gRPC endpoints (`Login` and `Logout`) and includes refactoring of the equivalent net/rpc endpoints to enable the majority of logic to be reused (i.e. by extracting the `Binder` and `TokenWriter` types). This contains the OSS portions of the following enterprise commits: - 75fcdbfcfa6af21d7128cb2544829ead0b1df603 - bce14b714151af74a7f0110843d640204082630a - cc508b70fbf58eda144d9af3d71bd0f483985893 2022-05-04 16:38:45 +00:00			`syntax = "proto3";`

			`package acl;`

			`import "google/protobuf/empty.proto";`

			`option go_package = "github.com/hashicorp/consul/proto-public/pbacl";`

			`service ACLService {`
			`// Login exchanges the presented bearer token for a Consul ACL token using a`
			`// configured auth method.`
			`rpc Login(LoginRequest) returns (LoginResponse) {}`

			`// Logout destroys the given ACL token once the caller is done with it.`
			`rpc Logout(LogoutRequest) returns (google.protobuf.Empty) {}`
			`}`

			`message LoginRequest {`
			`// auth_method is the name of the configured auth method that will be used to`
			`// validate the presented bearer token.`
			`string auth_method = 1;`

			`// bearer_token is a token produced by a trusted identity provider as`
			`// configured by the auth method.`
			`string bearer_token = 2;`

			`// meta is a collection of arbitrary key-value pairs associated to the token,`
			`// it is useful for tracking the origin of tokens.`
			`map<string, string> meta = 3;`

			`// namespace (enterprise only) is the namespace in which the auth method`
			`// resides.`
			`string namespace = 4;`

			`// partition (enterprise only) is the partition in which the auth method`
			`// resides.`
			`string partition = 5;`

			`// datacenter is the target datacenter in which the request will be processed.`
			`string datacenter = 6;`
			`}`

			`message LoginResponse {`
			`// token is the generated ACL token.`
			`LoginToken token = 1;`
			`}`

			`message LoginToken {`
			`// accessor_id is a UUID used to identify the ACL token.`
			`string accessor_id = 1;`

			`// secret_id is a UUID presented as a credential by clients.`
			`string secret_id = 2;`
			`}`

			`message LogoutRequest {`
			`// token is the ACL token's secret ID.`
			`string token = 1;`

			`// datacenter is the target datacenter in which the request will be processed.`
			`string datacenter = 2;`
			`}`