63 lines
1.7 KiB
Protocol Buffer
63 lines
1.7 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
package acl;
|
|
|
|
import "google/protobuf/empty.proto";
|
|
|
|
option go_package = "github.com/hashicorp/consul/proto-public/pbacl";
|
|
|
|
service ACLService {
|
|
// Login exchanges the presented bearer token for a Consul ACL token using a
|
|
// configured auth method.
|
|
rpc Login(LoginRequest) returns (LoginResponse) {}
|
|
|
|
// Logout destroys the given ACL token once the caller is done with it.
|
|
rpc Logout(LogoutRequest) returns (google.protobuf.Empty) {}
|
|
}
|
|
|
|
message LoginRequest {
|
|
// auth_method is the name of the configured auth method that will be used to
|
|
// validate the presented bearer token.
|
|
string auth_method = 1;
|
|
|
|
// bearer_token is a token produced by a trusted identity provider as
|
|
// configured by the auth method.
|
|
string bearer_token = 2;
|
|
|
|
// meta is a collection of arbitrary key-value pairs associated to the token,
|
|
// it is useful for tracking the origin of tokens.
|
|
map<string, string> meta = 3;
|
|
|
|
// namespace (enterprise only) is the namespace in which the auth method
|
|
// resides.
|
|
string namespace = 4;
|
|
|
|
// partition (enterprise only) is the partition in which the auth method
|
|
// resides.
|
|
string partition = 5;
|
|
|
|
// datacenter is the target datacenter in which the request will be processed.
|
|
string datacenter = 6;
|
|
}
|
|
|
|
message LoginResponse {
|
|
// token is the generated ACL token.
|
|
LoginToken token = 1;
|
|
}
|
|
|
|
message LoginToken {
|
|
// accessor_id is a UUID used to identify the ACL token.
|
|
string accessor_id = 1;
|
|
|
|
// secret_id is a UUID presented as a credential by clients.
|
|
string secret_id = 2;
|
|
}
|
|
|
|
message LogoutRequest {
|
|
// token is the ACL token's secret ID.
|
|
string token = 1;
|
|
|
|
// datacenter is the target datacenter in which the request will be processed.
|
|
string datacenter = 2;
|
|
}
|