// Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 syntax = "proto3"; package hashicorp.consul.acl; import "annotations/ratelimit/ratelimit.proto"; service ACLService { // Login exchanges the presented bearer token for a Consul ACL token using a // configured auth method. rpc Login(LoginRequest) returns (LoginResponse) { option (hashicorp.consul.internal.ratelimit.spec) = { operation_type: OPERATION_TYPE_WRITE, operation_category: OPERATION_CATEGORY_ACL }; } // Logout destroys the given ACL token once the caller is done with it. rpc Logout(LogoutRequest) returns (LogoutResponse) { option (hashicorp.consul.internal.ratelimit.spec) = { operation_type: OPERATION_TYPE_WRITE, operation_category: OPERATION_CATEGORY_ACL }; } } message LogoutResponse {} message LoginRequest { // auth_method is the name of the configured auth method that will be used to // validate the presented bearer token. string auth_method = 1; // bearer_token is a token produced by a trusted identity provider as // configured by the auth method. string bearer_token = 2; // meta is a collection of arbitrary key-value pairs associated to the token, // it is useful for tracking the origin of tokens. map meta = 3; // namespace (enterprise only) is the namespace in which the auth method // resides. string namespace = 4; // partition (enterprise only) is the partition in which the auth method // resides. string partition = 5; // datacenter is the target datacenter in which the request will be processed. string datacenter = 6; } message LoginResponse { // token is the generated ACL token. LoginToken token = 1; } message LoginToken { // accessor_id is a UUID used to identify the ACL token. string accessor_id = 1; // secret_id is a UUID presented as a credential by clients. string secret_id = 2; } message LogoutRequest { // token is the ACL token's secret ID. string token = 1; // datacenter is the target datacenter in which the request will be processed. string datacenter = 2; }