From c3e036bbe60d5beb6b3bef4471ca5cb1450d70e4 Mon Sep 17 00:00:00 2001 From: Lars Prehn Date: Tue, 17 Dec 2024 17:51:37 +0000 Subject: [PATCH 1/2] Add support for profiles in Get and Probe RPC. --- authz/authz.pb.go | 130 +++++++++++++++++++++++++++++++--------------- authz/authz.proto | 31 ++++++++--- 2 files changed, 111 insertions(+), 50 deletions(-) diff --git a/authz/authz.pb.go b/authz/authz.pb.go index 54590e9..ec1f802 100644 --- a/authz/authz.pb.go +++ b/authz/authz.pb.go @@ -377,8 +377,9 @@ type ProbeRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - User string `protobuf:"bytes,1,opt,name=user,proto3" json:"user,omitempty"` - Rpc string `protobuf:"bytes,2,opt,name=rpc,proto3" json:"rpc,omitempty"` + User string `protobuf:"bytes,1,opt,name=user,proto3" json:"user,omitempty"` + Rpc string `protobuf:"bytes,2,opt,name=rpc,proto3" json:"rpc,omitempty"` + AuthzProfileId string `protobuf:"bytes,3,opt,name=authz_profile_id,json=authzProfileId,proto3" json:"authz_profile_id,omitempty"` } func (x *ProbeRequest) Reset() { 
@@ -427,13 +428,21 @@ func (x *ProbeRequest) GetRpc() string { return "" } +func (x *ProbeRequest) GetAuthzProfileId() string { + if x != nil { + return x.AuthzProfileId + } + return "" +} + type ProbeResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Action ProbeResponse_Action `protobuf:"varint,1,opt,name=action,proto3,enum=gnsi.authz.v1.ProbeResponse_Action" json:"action,omitempty"` - Version string `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"` + Action ProbeResponse_Action `protobuf:"varint,1,opt,name=action,proto3,enum=gnsi.authz.v1.ProbeResponse_Action" json:"action,omitempty"` + Version string `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"` + AuthzProfileId string `protobuf:"bytes,3,opt,name=authz_profile_id,json=authzProfileId,proto3" json:"authz_profile_id,omitempty"` } func (x *ProbeResponse) Reset() { @@ -482,10 +491,19 @@ func (x *ProbeResponse) GetVersion() string { return "" } +func (x *ProbeResponse) GetAuthzProfileId() string { + if x != nil { + return x.AuthzProfileId + } + return "" +} + type GetRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + + AuthzProfileId string `protobuf:"bytes,1,opt,name=authz_profile_id,json=authzProfileId,proto3" json:"authz_profile_id,omitempty"` } func (x *GetRequest) Reset() { 
@@ -520,14 +538,22 @@ func (*GetRequest) Descriptor() ([]byte, []int) { return file_github_com_openconfig_gnsi_authz_authz_proto_rawDescGZIP(), []int{7} } +func (x *GetRequest) GetAuthzProfileId() string { + if x != nil { + return x.AuthzProfileId + } + return "" +} + type GetResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"` - CreatedOn uint64 `protobuf:"varint,2,opt,name=created_on,json=createdOn,proto3" json:"created_on,omitempty"` - Policy string `protobuf:"bytes,3,opt,name=policy,proto3" json:"policy,omitempty"` + Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"` + CreatedOn uint64 `protobuf:"varint,2,opt,name=created_on,json=createdOn,proto3" json:"created_on,omitempty"` + Policy string `protobuf:"bytes,3,opt,name=policy,proto3" json:"policy,omitempty"` + AuthzProfileId string `protobuf:"bytes,4,opt,name=authz_profile_id,json=authzProfileId,proto3" json:"authz_profile_id,omitempty"` } func (x *GetResponse) Reset() { @@ -583,6 +609,13 @@ func (x *GetResponse) GetPolicy() string { return "" } +func (x *GetResponse) GetAuthzProfileId() string { + if x != nil { + return x.AuthzProfileId + } + return "" +} + var File_github_com_openconfig_gnsi_authz_authz_proto protoreflect.FileDescriptor var file_github_com_openconfig_gnsi_authz_authz_proto_rawDesc = []byte{ 
@@ -622,45 +655,56 @@ var file_github_com_openconfig_gnsi_authz_authz_proto_rawDesc = []byte{ 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x4f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x10, 0x0a, 0x0e, 0x55, 0x70, 0x6c, 0x6f, - 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x34, 0x0a, 0x0c, 0x50, 0x72, + 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x5e, 0x0a, 0x0c, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x73, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x73, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x70, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x72, 0x70, 0x63, - 0x22, 0xac, 0x01, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x3b, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x23, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, - 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, - 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x44, 0x0a, 0x06, 0x41, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, - 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0f, 0x0a, 0x0b, 0x41, - 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x45, 0x4e, 0x59, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, - 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x54, 0x10, 0x02, 0x22, - 0x0c, 0x0a, 0x0a, 0x47, 0x65, 0x74, 0x52, 0x65, 0x71, 
0x75, 0x65, 0x73, 0x74, 0x22, 0x5e, 0x0a, - 0x0b, 0x47, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, - 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, - 0x64, 0x5f, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, - 0x74, 0x65, 0x64, 0x4f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x32, 0xde, 0x01, - 0x0a, 0x05, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x12, 0x53, 0x0a, 0x06, 0x52, 0x6f, 0x74, 0x61, 0x74, - 0x65, 0x12, 0x21, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, - 0x31, 0x2e, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x75, 0x74, 0x68, - 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x7a, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x28, 0x01, 0x30, 0x01, 0x12, 0x42, 0x0a, 0x05, - 0x50, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x1b, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x75, 0x74, - 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, - 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x3c, 0x0a, 0x03, 0x47, 0x65, 0x74, 0x12, 0x19, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, - 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, - 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 
0x22, - 0x5a, 0x20, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, - 0x6e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x67, 0x6e, 0x73, 0x69, 0x2f, 0x61, 0x75, 0x74, - 0x68, 0x7a, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x12, 0x28, 0x0a, 0x10, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x5f, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, + 0x65, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x61, 0x75, 0x74, 0x68, + 0x7a, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x49, 0x64, 0x22, 0xd6, 0x01, 0x0a, 0x0d, 0x50, + 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3b, 0x0a, 0x06, + 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x23, 0x2e, 0x67, + 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, + 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, + 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, + 0x69, 0x6f, 0x6e, 0x12, 0x28, 0x0a, 0x10, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x5f, 0x70, 0x72, 0x6f, + 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x61, + 0x75, 0x74, 0x68, 0x7a, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x49, 0x64, 0x22, 0x44, 0x0a, + 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x43, 0x54, 0x49, 0x4f, + 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, + 0x0f, 0x0a, 0x0b, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x45, 0x4e, 0x59, 0x10, 0x01, + 0x12, 0x11, 0x0a, 0x0d, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x50, 0x45, 0x52, 0x4d, 0x49, + 0x54, 0x10, 0x02, 0x22, 0x36, 0x0a, 0x0a, 0x47, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x12, 0x28, 0x0a, 0x10, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x5f, 
0x70, 0x72, 0x6f, 0x66, 0x69, + 0x6c, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x61, 0x75, 0x74, + 0x68, 0x7a, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x49, 0x64, 0x22, 0x88, 0x01, 0x0a, 0x0b, + 0x47, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x76, + 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, + 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, + 0x5f, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, + 0x65, 0x64, 0x4f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x28, 0x0a, 0x10, + 0x61, 0x75, 0x74, 0x68, 0x7a, 0x5f, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x69, 0x64, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x50, 0x72, 0x6f, + 0x66, 0x69, 0x6c, 0x65, 0x49, 0x64, 0x32, 0xde, 0x01, 0x0a, 0x05, 0x41, 0x75, 0x74, 0x68, 0x7a, + 0x12, 0x53, 0x0a, 0x06, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x2e, 0x67, 0x6e, 0x73, + 0x69, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x6f, 0x74, 0x61, 0x74, + 0x65, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, + 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x6f, + 0x74, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x28, 0x01, 0x30, 0x01, 0x12, 0x42, 0x0a, 0x05, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x1b, + 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x50, + 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x67, 0x6e, + 0x73, 0x69, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x62, + 0x65, 
0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3c, 0x0a, 0x03, 0x47, 0x65, 0x74, + 0x12, 0x19, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, + 0x2e, 0x47, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x67, 0x6e, + 0x73, 0x69, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x22, 0x5a, 0x20, 0x67, 0x69, 0x74, 0x68, 0x75, + 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x2f, 0x67, 0x6e, 0x73, 0x69, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( diff --git a/authz/authz.proto b/authz/authz.proto index 27920cc..f641011 100644 --- a/authz/authz.proto +++ b/authz/authz.proto @@ -80,7 +80,6 @@ option go_package = "github.com/openconfig/gnsi/authz"; // all other RPCs is implementation dependent. service Authz { - // Rotate will replace an existing gRPC-level Authorization Policy on the // target. // @@ -117,8 +116,7 @@ service Authz { // Step 4: Final commit. // Client ---> FinalizeRequest ----> Target // - rpc Rotate(stream RotateAuthzRequest) - returns (stream RotateAuthzResponse); + rpc Rotate(stream RotateAuthzRequest) returns (stream RotateAuthzResponse); // Probe allows for evaluation of the gRPC-level Authorization Policy engine // response to a gRPC call performed by a user. @@ -180,8 +178,7 @@ message RotateAuthzResponse { // Note that the gRPC-level Authorization Policy change is considered rolled // back by the target if the target returns an error in response to the // Finalize message. -message FinalizeRequest { -} +message FinalizeRequest {} // UploadRequest instructs the target to store the given gRPC-level // Authorization Policy. 
@@ -217,8 +214,7 @@ message UploadRequest { string policy = 3; } -message UploadResponse { -} +message UploadResponse {} // ProbeRequest contains a single user name and the fully qualified name of the // gRPC call being attempted. @@ -230,6 +226,16 @@ message ProbeRequest { // It has to be a fully qualified name, like: // "/gnsi.ssh.Ssh/MutateHostCredentials" string rpc = 2; + + // The profile for which the authz policy is being probed. In the case that + // this field is not specified, the default authz policy which applies to all + // gRPC endpoints run by the target is assumed. Where non-default policies + // are to supported by an endpoint, the value of the profile determines which + // set of policies are to be probed. + // + // Note that the authz profile is considered independent from a SSL profile + // ID (as referenced by gnsi.Certz). + string authz_profile_id = 3; } // ProbeResponse returns the ACK/NACK for a single user request @@ -247,10 +253,20 @@ message ProbeResponse { Action action = 1; string version = 2; + string authz_profile_id = 3; } // GetRequest used to request the gRPC-level Authorization Policy. message GetRequest { + // The profile for which the authz policy is being requested. In the case that + // this field is not specified, the default authz policy which applies to all + // gRPC endpoints run by the target is assumed. Where non-default policies + // are to supported by an endpoint, the value of the profile determines which + // set of policies are returned. + // + // Note that the authz profile is considered independent from a SSL profile + // ID (as referenced by gnsi.Certz). + string authz_profile_id = 1; } // GetResponse returns the requested instance of the gRPC-level Authorization @@ -282,4 +298,5 @@ message GetResponse { // It is provided as a JSON formatted string whose structure is defined by // gRPC. string policy = 3; + string authz_profile_id = 4; } From 9e1644f38bcde6883ffa403a1767930a25309619 Mon Sep 17 00:00:00 2001 
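Review bot: The comment added on `authz_profile_id` in ProbeRequest defines the unset case but not what the target does when the ID names a profile it does not have. Probe is used to check authorization decisions, so a silent fallback to the default policy would return a PERMIT/DENY for a different policy than the one the caller asked about. The contract should require the RPC to fail instead, for example `// If the named profile does not exist on the target, the RPC fails with NOT_FOUND; the target must not fall back to the default policy.` The same sentence is needed on `authz_profile_id` in GetRequest in the next hunk. Both comments also read "are to supported", which should be "are to be supported".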
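Review bot: `string authz_profile_id = 3;` is added to ProbeResponse with no comment, so it is undefined whether the field echoes the request or names the profile whose policy was actually evaluated. A caller needs the second meaning to confirm that `action` and `version` belong to the policy it meant to test, so I would add `// ID of the authz profile whose policy was evaluated to produce this response.` The comment should also state what is returned when the request left the field unset; the patch does not say whether the default policy has an ID. The same gap applies to `string authz_profile_id = 4;` in GetResponse in the last hunk of this file.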
From: Lars Prehn Date: Tue, 17 Dec 2024 18:04:24 +0000 Subject: [PATCH 2/2] Fix lint issues. --- authz/authz.proto | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/authz/authz.proto b/authz/authz.proto index f641011..2ba0fde 100644 --- a/authz/authz.proto +++ b/authz/authz.proto @@ -178,7 +178,8 @@ message RotateAuthzResponse { // Note that the gRPC-level Authorization Policy change is considered rolled // back by the target if the target returns an error in response to the // Finalize message. -message FinalizeRequest {} +message FinalizeRequest { +} // UploadRequest instructs the target to store the given gRPC-level // Authorization Policy. @@ -214,7 +215,8 @@ message UploadRequest { string policy = 3; } -message UploadResponse {} +message UploadResponse { +} // ProbeRequest contains a single user name and the fully qualified name of the // gRPC call being attempted.