-
Notifications
You must be signed in to change notification settings - Fork 2
/
token.proto
193 lines (152 loc) · 6.2 KB
/
token.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
syntax = "proto3";
package hiber.token;
import "base.proto";
import "permission.proto";
option java_multiple_files = false;
option java_package = "global.hiber.api.grpc.token";
option java_outer_classname = "TokenApi";
option go_package = ".;hiber";
service TokenService {
rpc List (ListTokensRequest) returns (ListTokensRequest.Response);
rpc Create (CreateTokenRequest) returns (CreateTokenRequest.Response);
rpc Delete (DeleteTokenRequest) returns (DeleteTokenRequest.Response);
rpc UpdateTokenOrganizationPermissions (UpdateTokenOrganizationPermissionsRequest) returns (UpdateTokenOrganizationPermissionsRequest.Response);
rpc UpdateTokenUserPermissions (UpdateTokenUserPermissionsRequest) returns (UpdateTokenUserPermissionsRequest.Response);
rpc UpdateTokenRoles(UpdateTokenRoles.Request) returns (UpdateTokenRoles.Response);
}
message Token {
enum Type {
/* A token with a specific set of permissions, given when the token is created. */
SPECIFIC = 0;
/* A personal access token has the permissions of the creator.
* When the creator gains or loses permissions, this applies to the token as well.
*/
PERSONAL = 1;
}
int64 id = 1;
string name = 2;
string user_id = 3;
UserDetails user_details = 11;
string organization = 4;
reserved 5;
Timestamp expires_at = 6;
repeated UserPermission user_permissions = 7;
repeated OrganizationPermission organization_permissions = 8;
repeated string roles = 9;
Type type = 10;
/* Date that the token was last used. */
optional Date last_used = 13;
/* Set if the current request is made with this token. */
bool used_for_this_call = 12;
/* Optionally, limit the organizations that the token is allowed to impersonate. */
optional Filter.ChildOrganizations limit_impersonation = 14;
message UserDetails {
string id = 1;
string email = 2;
string name = 3;
}
}
message TokenSelection {
optional Filter.Users users = 1;
optional string name = 3;
optional bool include_expired = 4;
optional Filter.Roles roles = 5;
repeated Token.Type type = 6;
}
message ListTokensRequest {
message Response {
repeated Token tokens = 1;
ListTokensRequest request = 2;
Pagination.Result pagination = 3;
}
/* Pick the organization to use (/impersonate). If unset, your default organization is used. */
optional string organization = 1;
/* Select the tokens to list. Optional, when omitted or empty everything is included. */
optional TokenSelection selection = 2;
optional Pagination pagination = 3;
}
message CreateTokenRequest {
message Response {
string token = 1;
Token created = 2;
}
/* Pick the organization to use (/impersonate). If unset, your default organization is used. */
optional string organization = 1;
string name = 2;
Token.Type type = 9;
Timestamp expires_at = 4;
optional Filter.UserPermissions user_permissions = 5;
/* Permissions the new token should get. */
Filter.OrganizationPermissions organization_permissions = 6;
/* Roles the new token should get. */
optional Filter.Roles roles = 8;
/* Optionally, if you have the USERS_MANAGE permission, you can make a token for another user.
* If you do, you cannot grant it permissions they do not have, not can you grant it any user permissions.
*/
optional string for_user_id = 10;
/* Optionally, attempt to minimize the token size as much as possible. */
optional bool minimize = 11;
/* Optionally, limit the organizations that the token is allowed to impersonate. */
optional Filter.ChildOrganizations limit_impersonation = 12;
reserved 3, 7;
}
message DeleteTokenRequest {
message Response {
}
/* Pick the organization to use (/impersonate). If unset, your default organization is used. */
optional string organization = 1;
int64 token_id = 2;
}
message UpdateTokenOrganizationPermissionsRequest {
message Response {
}
/* Pick the organization to use (/impersonate). If unset, your default organization is used. */
optional string organization = 1;
repeated int64 token_ids = 2;
/* Completely replace the organization permission for the selected token(s) with this set. */
optional Filter.OrganizationPermissions replace_organization_permissions = 3;
/* Add organization permissions to the token. */
repeated OrganizationPermission add_organization_permissions = 5;
/* Remove organization permissions from the token.
* Ensures the permissions is no longer on the token (even if you also add it using add_organization_permissions).
*/
repeated OrganizationPermission remove_organization_permissions = 6;
reserved 4;
}
message UpdateTokenUserPermissionsRequest {
message Response {
}
/* Pick the organization to use (/impersonate). If unset, your default organization is used. */
optional string organization = 1;
repeated int64 token_ids = 2;
/* Completely replace the user permission for the selected token(s) with this set. */
optional Filter.UserPermissions replace_user_permissions = 4;
/* Add user permissions to the token. */
repeated UserPermission add_user_permissions = 5;
/* Remove user permissions from the token. */
repeated UserPermission remove_user_permissions = 6;
}
message UpdateTokenRoles {
message Request {
/* Pick the organization to use (/impersonate). If unset, your default organization is used. */
optional string organization = 1;
repeated int64 token_ids = 2;
/* Grant and remove roles on the current roles the tokens have. */
message ModifyRoles {
/* Grant roles in addition to the current roles the tokens have. */
repeated string add = 1;
/* Remove roles from the current roles the tokens have. */
repeated string remove = 2;
}
/* Completely replace the roles the tokens have. */
message ReplaceRoles {
repeated string roles = 1;
}
oneof update {
ModifyRoles modify = 3;
ReplaceRoles replace = 4;
}
}
message Response {
}
}