syntax = "proto3";
package oauth;
import "google/protobuf/duration.proto";
// Kind of token a caller asks AuthorizationService to issue.
enum TokenType {
  // Zero value, i.e. the proto3 default. A request that never sets
  // token_type arrives as this value, so a server should reject it rather
  // than infer a type.
  TOKEN_INVALID = 0;
  // A JSON Web Token (the only issuable type defined in this file).
  TOKEN_JWT = 1;
}
// Algorithm used to sign an issued token.
enum SignatureAlgorithm {
  // Unsigned token. This is also the proto3 default, so an unset `alg` field
  // is indistinguishable from an explicit request for "none"; a server
  // should treat both as rejected (see the field comments on the request
  // messages below).
  ALG_NONE = 0;
  // RSASSA-PKCS1-v1_5 with SHA-256 (JWS "RS256").
  ALG_RS256 = 1;
}
// Request for AuthorizationService.MintToken: mint a token for another
// identity, scoped to a Redfish role or an explicit privilege set.
message MintTokenRequest {
  // Kind of token to issue. Unset reads as TOKEN_INVALID.
  TokenType token_type = 1;
  // Algorithm for the signature of the token. Services shall not accept the
  // value none in production. Note that an unset field is also ALG_NONE.
  SignatureAlgorithm alg = 2;
  // Reserving: The field is deleted, but this makes it clear not to reuse the
  // field number.
  reserved 3;
  // Reserving: The field is deleted, but this makes it clear not to reuse the
  // field number.
  reserved 4;
  // How long the issued token will be valid for. The schema places no upper
  // bound on this value; any cap is enforced by the service — TODO confirm.
  google.protobuf.Duration valid_for = 5;
  // An explicit set of Redfish privileges, used instead of a named role.
  // Nested because it has no meaning outside this request.
  message RedfishPrivileges {
    // Privilege names granted to the token holder.
    repeated string privileges = 1;
  }
  // Exactly one of the two scope forms may be set; setting one clears the
  // other. A request with neither set has redfish_scope unset.
  oneof redfish_scope {
    // Redfish roles issued to the client. See
    // https://redfish.dmtf.org/schemas/DSP0266_1.15.0.html#roles for details.
    string redfish_role = 6;
    // Explicit privilege list instead of a role.
    RedfishPrivileges redfish_privileges = 7;
  }
}
// Response for AuthorizationService.MintToken.
message MintTokenResponse {
  // The issued JWT token. This is a bearer credential: callers should keep it
  // out of logs and error messages.
  string token = 1;
}
// Request for AuthorizationService.Exchange: mint a token for the caller's
// own identity. No role or privilege field is carried here; presumably the
// scope is derived from the caller's authenticated identity — verify against
// the service implementation.
message ExchangeRequest {
  // Kind of token to issue. Unset reads as TOKEN_INVALID.
  TokenType token_type = 1;
  // Algorithm for the signature of the token. Services shall not accept the
  // value none in production. Note that an unset field is also ALG_NONE.
  SignatureAlgorithm alg = 2;
  // NOTE(review): field numbers 3 and 4 are skipped but not reserved. If they
  // were ever assigned (as they were in MintTokenRequest), add
  // `reserved 3, 4;` so they cannot be reused with a different meaning.
  // How long the issued token will be valid for. The schema places no upper
  // bound on this value; any cap is enforced by the service — TODO confirm.
  google.protobuf.Duration valid_for = 5;
}
// Response for AuthorizationService.Exchange.
message ExchangeResponse {
  // The issued JWT token. This is a bearer credential: callers should keep it
  // out of logs and error messages.
  string token = 1;
}
// Request for AuthorizationService.HiscToken: obtain a token for the host
// interactive serial console (HISC) of a given host port.
message HiscTokenRequest {
  // The public key string, normally obtained via SSHKey.ToPublicString()
  // (a helper outside this file). The issued token is bound to this key, so
  // the caller must hold the matching private key to use it.
  optional string public_key = 1;
  // The port id of the host interactive serial console provided by gBMC.
  // The port id is the number in the host's node appendix, e.g. for host
  // mvt19-n1 the node appendix is -n1, which maps to port-1, so hisc_port_id
  // is 1. If the host has no node appendix, it maps to port-0.
  optional uint32 hisc_port_id = 2;
  // The token's valid lifetime in seconds; maximum is 30 minutes
  // (1800 seconds). The schema does not enforce the maximum; whether larger
  // values are rejected or clamped is up to the service — TODO confirm.
  optional uint32 token_lifetime_seconds = 3;
}
// Response for AuthorizationService.HiscToken.
message HiscTokenResponse {
  // The issued Hisc access token. Per the HiscToken RPC comment this is a
  // gBMC self-signed SSH certificate; treat it as a credential and keep it
  // out of logs.
  string token = 1;
}
// Token-issuing service. All three RPCs return bearer credentials, so the
// transport carrying them is expected to be authenticated and encrypted
// (not enforced by this schema).
service AuthorizationService {
  // Mint tokens for another identity.
  rpc MintToken(MintTokenRequest) returns (MintTokenResponse);
  // Mint tokens for the client itself; exchange its own identity to a Redfish
  // role or a set of privileges.
  rpc Exchange(ExchangeRequest) returns (ExchangeResponse);
  // go/gbmc-hisc, HiscToken API will be used to issue a token to
  // access the specified host's serial console via TCP port 20022, which is a
  // dedicated ssh service port (go/gbmc-ports).
  // Technically, the token is gBMC self-signed ssh certificate with force
  // command set to "/usr/libexec/ttf-console port-${hisc_port_id}". So this
  // certificate will only be accepted by issuer gBMC's HISC ssh server.
  // The forced command is what limits the certificate holder to the console
  // of the requested port; the certificate's validity is bounded by
  // HiscTokenRequest.token_lifetime_seconds.
  rpc HiscToken(HiscTokenRequest) returns (HiscTokenResponse);
}