1// Code generated by protoc-gen-go. DO NOT EDIT.
2// source: google/api/auth.proto
3
4package serviceconfig // import "google.golang.org/genproto/googleapis/api/serviceconfig"
5
6import proto "github.com/golang/protobuf/proto"
7import fmt "fmt"
8import math "math"
9import _ "google.golang.org/genproto/googleapis/api/annotations"
10
11// Reference imports to suppress errors if they are not otherwise used.
12var _ = proto.Marshal
13var _ = fmt.Errorf
14var _ = math.Inf
15
16// This is a compile-time assertion to ensure that this generated file
17// is compatible with the proto package it is being compiled against.
18// A compilation error at this line likely means your copy of the
19// proto package needs to be updated.
20const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
21
22// `Authentication` defines the authentication configuration for an API.
23//
24// Example for an API targeted for external use:
25//
26//     name: calendar.googleapis.com
27//     authentication:
28//       providers:
29//       - id: google_calendar_auth
30//         jwks_uri: https://www.googleapis.com/oauth2/v1/certs
31//         issuer: https://securetoken.google.com
32//       rules:
33//       - selector: "*"
34//         requirements:
35//           provider_id: google_calendar_auth
36type Authentication struct {
37	// A list of authentication rules that apply to individual API methods.
38	//
39	// **NOTE:** All service configuration rules follow "last one wins" order.
40	Rules []*AuthenticationRule `protobuf:"bytes,3,rep,name=rules,proto3" json:"rules,omitempty"`
41	// Defines a set of authentication providers that a service supports.
42	Providers            []*AuthProvider `protobuf:"bytes,4,rep,name=providers,proto3" json:"providers,omitempty"`
43	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
44	XXX_unrecognized     []byte          `json:"-"`
45	XXX_sizecache        int32           `json:"-"`
46}
47
48func (m *Authentication) Reset()         { *m = Authentication{} }
49func (m *Authentication) String() string { return proto.CompactTextString(m) }
50func (*Authentication) ProtoMessage()    {}
51func (*Authentication) Descriptor() ([]byte, []int) {
52	return fileDescriptor_auth_88c4f5ae0863ae9c, []int{0}
53}
54func (m *Authentication) XXX_Unmarshal(b []byte) error {
55	return xxx_messageInfo_Authentication.Unmarshal(m, b)
56}
57func (m *Authentication) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
58	return xxx_messageInfo_Authentication.Marshal(b, m, deterministic)
59}
60func (dst *Authentication) XXX_Merge(src proto.Message) {
61	xxx_messageInfo_Authentication.Merge(dst, src)
62}
63func (m *Authentication) XXX_Size() int {
64	return xxx_messageInfo_Authentication.Size(m)
65}
66func (m *Authentication) XXX_DiscardUnknown() {
67	xxx_messageInfo_Authentication.DiscardUnknown(m)
68}
69
70var xxx_messageInfo_Authentication proto.InternalMessageInfo
71
72func (m *Authentication) GetRules() []*AuthenticationRule {
73	if m != nil {
74		return m.Rules
75	}
76	return nil
77}
78
79func (m *Authentication) GetProviders() []*AuthProvider {
80	if m != nil {
81		return m.Providers
82	}
83	return nil
84}
85
86// Authentication rules for the service.
87//
88// By default, if a method has any authentication requirements, every request
89// must include a valid credential matching one of the requirements.
90// It's an error to include more than one kind of credential in a single
91// request.
92//
93// If a method doesn't have any auth requirements, request credentials will be
94// ignored.
95type AuthenticationRule struct {
96	// Selects the methods to which this rule applies.
97	//
98	// Refer to [selector][google.api.DocumentationRule.selector] for syntax details.
99	Selector string `protobuf:"bytes,1,opt,name=selector,proto3" json:"selector,omitempty"`
100	// The requirements for OAuth credentials.
101	Oauth *OAuthRequirements `protobuf:"bytes,2,opt,name=oauth,proto3" json:"oauth,omitempty"`
102	// If true, the service accepts API keys without any other credential.
103	AllowWithoutCredential bool `protobuf:"varint,5,opt,name=allow_without_credential,json=allowWithoutCredential,proto3" json:"allow_without_credential,omitempty"`
104	// Requirements for additional authentication providers.
105	Requirements         []*AuthRequirement `protobuf:"bytes,7,rep,name=requirements,proto3" json:"requirements,omitempty"`
106	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
107	XXX_unrecognized     []byte             `json:"-"`
108	XXX_sizecache        int32              `json:"-"`
109}
110
111func (m *AuthenticationRule) Reset()         { *m = AuthenticationRule{} }
112func (m *AuthenticationRule) String() string { return proto.CompactTextString(m) }
113func (*AuthenticationRule) ProtoMessage()    {}
114func (*AuthenticationRule) Descriptor() ([]byte, []int) {
115	return fileDescriptor_auth_88c4f5ae0863ae9c, []int{1}
116}
117func (m *AuthenticationRule) XXX_Unmarshal(b []byte) error {
118	return xxx_messageInfo_AuthenticationRule.Unmarshal(m, b)
119}
120func (m *AuthenticationRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
121	return xxx_messageInfo_AuthenticationRule.Marshal(b, m, deterministic)
122}
123func (dst *AuthenticationRule) XXX_Merge(src proto.Message) {
124	xxx_messageInfo_AuthenticationRule.Merge(dst, src)
125}
126func (m *AuthenticationRule) XXX_Size() int {
127	return xxx_messageInfo_AuthenticationRule.Size(m)
128}
129func (m *AuthenticationRule) XXX_DiscardUnknown() {
130	xxx_messageInfo_AuthenticationRule.DiscardUnknown(m)
131}
132
133var xxx_messageInfo_AuthenticationRule proto.InternalMessageInfo
134
135func (m *AuthenticationRule) GetSelector() string {
136	if m != nil {
137		return m.Selector
138	}
139	return ""
140}
141
142func (m *AuthenticationRule) GetOauth() *OAuthRequirements {
143	if m != nil {
144		return m.Oauth
145	}
146	return nil
147}
148
149func (m *AuthenticationRule) GetAllowWithoutCredential() bool {
150	if m != nil {
151		return m.AllowWithoutCredential
152	}
153	return false
154}
155
156func (m *AuthenticationRule) GetRequirements() []*AuthRequirement {
157	if m != nil {
158		return m.Requirements
159	}
160	return nil
161}
162
163// Configuration for an anthentication provider, including support for
164// [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
165type AuthProvider struct {
166	// The unique identifier of the auth provider. It will be referred to by
167	// `AuthRequirement.provider_id`.
168	//
169	// Example: "bookstore_auth".
170	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
171	// Identifies the principal that issued the JWT. See
172	// https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1
173	// Usually a URL or an email address.
174	//
175	// Example: https://securetoken.google.com
176	// Example: 1234567-compute@developer.gserviceaccount.com
177	Issuer string `protobuf:"bytes,2,opt,name=issuer,proto3" json:"issuer,omitempty"`
178	// URL of the provider's public key set to validate signature of the JWT. See
179	// [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
180	// Optional if the key set document:
181	//  - can be retrieved from
182	//    [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html
183	//    of the issuer.
184	//  - can be inferred from the email domain of the issuer (e.g. a Google service account).
185	//
186	// Example: https://www.googleapis.com/oauth2/v1/certs
187	JwksUri string `protobuf:"bytes,3,opt,name=jwks_uri,json=jwksUri,proto3" json:"jwks_uri,omitempty"`
188	// The list of JWT
189	// [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
190	// that are allowed to access. A JWT containing any of these audiences will
191	// be accepted. When this setting is absent, only JWTs with audience
192	// "https://[Service_name][google.api.Service.name]/[API_name][google.protobuf.Api.name]"
193	// will be accepted. For example, if no audiences are in the setting,
194	// LibraryService API will only accept JWTs with the following audience
195	// "https://library-example.googleapis.com/google.example.library.v1.LibraryService".
196	//
197	// Example:
198	//
199	//     audiences: bookstore_android.apps.googleusercontent.com,
200	//                bookstore_web.apps.googleusercontent.com
201	Audiences string `protobuf:"bytes,4,opt,name=audiences,proto3" json:"audiences,omitempty"`
202	// Redirect URL if JWT token is required but no present or is expired.
203	// Implement authorizationUrl of securityDefinitions in OpenAPI spec.
204	AuthorizationUrl     string   `protobuf:"bytes,5,opt,name=authorization_url,json=authorizationUrl,proto3" json:"authorization_url,omitempty"`
205	XXX_NoUnkeyedLiteral struct{} `json:"-"`
206	XXX_unrecognized     []byte   `json:"-"`
207	XXX_sizecache        int32    `json:"-"`
208}
209
210func (m *AuthProvider) Reset()         { *m = AuthProvider{} }
211func (m *AuthProvider) String() string { return proto.CompactTextString(m) }
212func (*AuthProvider) ProtoMessage()    {}
213func (*AuthProvider) Descriptor() ([]byte, []int) {
214	return fileDescriptor_auth_88c4f5ae0863ae9c, []int{2}
215}
216func (m *AuthProvider) XXX_Unmarshal(b []byte) error {
217	return xxx_messageInfo_AuthProvider.Unmarshal(m, b)
218}
219func (m *AuthProvider) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
220	return xxx_messageInfo_AuthProvider.Marshal(b, m, deterministic)
221}
222func (dst *AuthProvider) XXX_Merge(src proto.Message) {
223	xxx_messageInfo_AuthProvider.Merge(dst, src)
224}
225func (m *AuthProvider) XXX_Size() int {
226	return xxx_messageInfo_AuthProvider.Size(m)
227}
228func (m *AuthProvider) XXX_DiscardUnknown() {
229	xxx_messageInfo_AuthProvider.DiscardUnknown(m)
230}
231
232var xxx_messageInfo_AuthProvider proto.InternalMessageInfo
233
234func (m *AuthProvider) GetId() string {
235	if m != nil {
236		return m.Id
237	}
238	return ""
239}
240
241func (m *AuthProvider) GetIssuer() string {
242	if m != nil {
243		return m.Issuer
244	}
245	return ""
246}
247
248func (m *AuthProvider) GetJwksUri() string {
249	if m != nil {
250		return m.JwksUri
251	}
252	return ""
253}
254
255func (m *AuthProvider) GetAudiences() string {
256	if m != nil {
257		return m.Audiences
258	}
259	return ""
260}
261
262func (m *AuthProvider) GetAuthorizationUrl() string {
263	if m != nil {
264		return m.AuthorizationUrl
265	}
266	return ""
267}
268
269// OAuth scopes are a way to define data and permissions on data. For example,
270// there are scopes defined for "Read-only access to Google Calendar" and
271// "Access to Cloud Platform". Users can consent to a scope for an application,
272// giving it permission to access that data on their behalf.
273//
274// OAuth scope specifications should be fairly coarse grained; a user will need
275// to see and understand the text description of what your scope means.
276//
277// In most cases: use one or at most two OAuth scopes for an entire family of
278// products. If your product has multiple APIs, you should probably be sharing
279// the OAuth scope across all of those APIs.
280//
281// When you need finer grained OAuth consent screens: talk with your product
282// management about how developers will use them in practice.
283//
284// Please note that even though each of the canonical scopes is enough for a
285// request to be accepted and passed to the backend, a request can still fail
286// due to the backend requiring additional scopes or permissions.
287type OAuthRequirements struct {
288	// The list of publicly documented OAuth scopes that are allowed access. An
289	// OAuth token containing any of these scopes will be accepted.
290	//
291	// Example:
292	//
293	//      canonical_scopes: https://www.googleapis.com/auth/calendar,
294	//                        https://www.googleapis.com/auth/calendar.read
295	CanonicalScopes      string   `protobuf:"bytes,1,opt,name=canonical_scopes,json=canonicalScopes,proto3" json:"canonical_scopes,omitempty"`
296	XXX_NoUnkeyedLiteral struct{} `json:"-"`
297	XXX_unrecognized     []byte   `json:"-"`
298	XXX_sizecache        int32    `json:"-"`
299}
300
301func (m *OAuthRequirements) Reset()         { *m = OAuthRequirements{} }
302func (m *OAuthRequirements) String() string { return proto.CompactTextString(m) }
303func (*OAuthRequirements) ProtoMessage()    {}
304func (*OAuthRequirements) Descriptor() ([]byte, []int) {
305	return fileDescriptor_auth_88c4f5ae0863ae9c, []int{3}
306}
307func (m *OAuthRequirements) XXX_Unmarshal(b []byte) error {
308	return xxx_messageInfo_OAuthRequirements.Unmarshal(m, b)
309}
310func (m *OAuthRequirements) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
311	return xxx_messageInfo_OAuthRequirements.Marshal(b, m, deterministic)
312}
313func (dst *OAuthRequirements) XXX_Merge(src proto.Message) {
314	xxx_messageInfo_OAuthRequirements.Merge(dst, src)
315}
316func (m *OAuthRequirements) XXX_Size() int {
317	return xxx_messageInfo_OAuthRequirements.Size(m)
318}
319func (m *OAuthRequirements) XXX_DiscardUnknown() {
320	xxx_messageInfo_OAuthRequirements.DiscardUnknown(m)
321}
322
323var xxx_messageInfo_OAuthRequirements proto.InternalMessageInfo
324
325func (m *OAuthRequirements) GetCanonicalScopes() string {
326	if m != nil {
327		return m.CanonicalScopes
328	}
329	return ""
330}
331
332// User-defined authentication requirements, including support for
333// [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
334type AuthRequirement struct {
335	// [id][google.api.AuthProvider.id] from authentication provider.
336	//
337	// Example:
338	//
339	//     provider_id: bookstore_auth
340	ProviderId string `protobuf:"bytes,1,opt,name=provider_id,json=providerId,proto3" json:"provider_id,omitempty"`
341	// NOTE: This will be deprecated soon, once AuthProvider.audiences is
342	// implemented and accepted in all the runtime components.
343	//
344	// The list of JWT
345	// [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
346	// that are allowed to access. A JWT containing any of these audiences will
347	// be accepted. When this setting is absent, only JWTs with audience
348	// "https://[Service_name][google.api.Service.name]/[API_name][google.protobuf.Api.name]"
349	// will be accepted. For example, if no audiences are in the setting,
350	// LibraryService API will only accept JWTs with the following audience
351	// "https://library-example.googleapis.com/google.example.library.v1.LibraryService".
352	//
353	// Example:
354	//
355	//     audiences: bookstore_android.apps.googleusercontent.com,
356	//                bookstore_web.apps.googleusercontent.com
357	Audiences            string   `protobuf:"bytes,2,opt,name=audiences,proto3" json:"audiences,omitempty"`
358	XXX_NoUnkeyedLiteral struct{} `json:"-"`
359	XXX_unrecognized     []byte   `json:"-"`
360	XXX_sizecache        int32    `json:"-"`
361}
362
363func (m *AuthRequirement) Reset()         { *m = AuthRequirement{} }
364func (m *AuthRequirement) String() string { return proto.CompactTextString(m) }
365func (*AuthRequirement) ProtoMessage()    {}
366func (*AuthRequirement) Descriptor() ([]byte, []int) {
367	return fileDescriptor_auth_88c4f5ae0863ae9c, []int{4}
368}
369func (m *AuthRequirement) XXX_Unmarshal(b []byte) error {
370	return xxx_messageInfo_AuthRequirement.Unmarshal(m, b)
371}
372func (m *AuthRequirement) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
373	return xxx_messageInfo_AuthRequirement.Marshal(b, m, deterministic)
374}
375func (dst *AuthRequirement) XXX_Merge(src proto.Message) {
376	xxx_messageInfo_AuthRequirement.Merge(dst, src)
377}
378func (m *AuthRequirement) XXX_Size() int {
379	return xxx_messageInfo_AuthRequirement.Size(m)
380}
381func (m *AuthRequirement) XXX_DiscardUnknown() {
382	xxx_messageInfo_AuthRequirement.DiscardUnknown(m)
383}
384
385var xxx_messageInfo_AuthRequirement proto.InternalMessageInfo
386
387func (m *AuthRequirement) GetProviderId() string {
388	if m != nil {
389		return m.ProviderId
390	}
391	return ""
392}
393
394func (m *AuthRequirement) GetAudiences() string {
395	if m != nil {
396		return m.Audiences
397	}
398	return ""
399}
400
401func init() {
402	proto.RegisterType((*Authentication)(nil), "google.api.Authentication")
403	proto.RegisterType((*AuthenticationRule)(nil), "google.api.AuthenticationRule")
404	proto.RegisterType((*AuthProvider)(nil), "google.api.AuthProvider")
405	proto.RegisterType((*OAuthRequirements)(nil), "google.api.OAuthRequirements")
406	proto.RegisterType((*AuthRequirement)(nil), "google.api.AuthRequirement")
407}
408
409func init() { proto.RegisterFile("google/api/auth.proto", fileDescriptor_auth_88c4f5ae0863ae9c) }
410
411var fileDescriptor_auth_88c4f5ae0863ae9c = []byte{
412	// 465 bytes of a gzipped FileDescriptorProto
413	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x64, 0x52, 0x5f, 0x6b, 0x13, 0x4f,
414	0x14, 0x65, 0x93, 0xa6, 0xcd, 0xde, 0x94, 0xb4, 0x1d, 0xf8, 0x95, 0xfd, 0xd5, 0xaa, 0x21, 0x4f,
415	0x11, 0x61, 0x03, 0xad, 0x88, 0x20, 0x28, 0xad, 0x88, 0xf4, 0xc9, 0x30, 0x52, 0x04, 0x5f, 0x96,
416	0x71, 0x76, 0xdc, 0x8c, 0x9d, 0xce, 0x5d, 0xe7, 0x4f, 0x03, 0x3e, 0xf8, 0x49, 0x7c, 0xf2, 0x93,
417	0xf9, 0x51, 0x64, 0x67, 0xb7, 0xc9, 0x6e, 0xfa, 0x78, 0xef, 0x39, 0xe7, 0xde, 0x7b, 0xce, 0x0c,
418	0xfc, 0x57, 0x20, 0x16, 0x4a, 0xcc, 0x59, 0x29, 0xe7, 0xcc, 0xbb, 0x65, 0x5a, 0x1a, 0x74, 0x48,
419	0xa0, 0x6e, 0xa7, 0xac, 0x94, 0x27, 0xa7, 0x6d, 0x8a, 0xd6, 0xe8, 0x98, 0x93, 0xa8, 0x6d, 0xcd,
420	0x9c, 0xfe, 0x82, 0xf1, 0x85, 0x77, 0x4b, 0xa1, 0x9d, 0xe4, 0x01, 0x20, 0x2f, 0x60, 0x60, 0xbc,
421	0x12, 0x36, 0xe9, 0x4f, 0xfa, 0xb3, 0xd1, 0xd9, 0x93, 0x74, 0x33, 0x2b, 0xed, 0x52, 0xa9, 0x57,
422	0x82, 0xd6, 0x64, 0xf2, 0x12, 0xe2, 0xd2, 0xe0, 0x9d, 0xcc, 0x85, 0xb1, 0xc9, 0x4e, 0x50, 0x26,
423	0xdb, 0xca, 0x45, 0x43, 0xa0, 0x1b, 0xea, 0xf4, 0x6f, 0x04, 0xe4, 0xe1, 0x54, 0x72, 0x02, 0x43,
424	0x2b, 0x94, 0xe0, 0x0e, 0x4d, 0x12, 0x4d, 0xa2, 0x59, 0x4c, 0xd7, 0x35, 0x39, 0x87, 0x01, 0x56,
425	0x5e, 0x93, 0xde, 0x24, 0x9a, 0x8d, 0xce, 0x1e, 0xb7, 0xd7, 0x7c, 0xac, 0x66, 0x51, 0xf1, 0xc3,
426	0x4b, 0x23, 0x6e, 0x85, 0x76, 0x96, 0xd6, 0x5c, 0xf2, 0x0a, 0x12, 0xa6, 0x14, 0xae, 0xb2, 0x95,
427	0x74, 0x4b, 0xf4, 0x2e, 0xe3, 0x46, 0xe4, 0xd5, 0x52, 0xa6, 0x92, 0xc1, 0x24, 0x9a, 0x0d, 0xe9,
428	0x71, 0xc0, 0x3f, 0xd7, 0xf0, 0xbb, 0x35, 0x4a, 0xde, 0xc2, 0xbe, 0x69, 0x0d, 0x4c, 0xf6, 0x82,
429	0xb9, 0x47, 0xdb, 0xe6, 0x5a, 0x4b, 0x69, 0x47, 0x30, 0xfd, 0x1d, 0xc1, 0x7e, 0xdb, 0x3e, 0x19,
430	0x43, 0x4f, 0xe6, 0x8d, 0xad, 0x9e, 0xcc, 0xc9, 0x31, 0xec, 0x4a, 0x6b, 0xbd, 0x30, 0xc1, 0x51,
431	0x4c, 0x9b, 0x8a, 0xfc, 0x0f, 0xc3, 0xef, 0xab, 0x1b, 0x9b, 0x79, 0x23, 0x93, 0x7e, 0x40, 0xf6,
432	0xaa, 0xfa, 0xda, 0x48, 0x72, 0x0a, 0x31, 0xf3, 0xb9, 0x14, 0x9a, 0x8b, 0x2a, 0xee, 0x0a, 0xdb,
433	0x34, 0xc8, 0x73, 0x38, 0xaa, 0x4c, 0xa3, 0x91, 0x3f, 0x43, 0xa4, 0x99, 0x37, 0xb5, 0xcb, 0x98,
434	0x1e, 0x76, 0x80, 0x6b, 0xa3, 0xa6, 0x6f, 0xe0, 0xe8, 0x41, 0x6a, 0xe4, 0x19, 0x1c, 0x72, 0xa6,
435	0x51, 0x4b, 0xce, 0x54, 0x66, 0x39, 0x96, 0xc2, 0x36, 0x07, 0x1f, 0xac, 0xfb, 0x9f, 0x42, 0x7b,
436	0xba, 0x80, 0x83, 0x2d, 0x39, 0x79, 0x0a, 0xa3, 0xfb, 0x17, 0xce, 0xd6, 0x4e, 0xe1, 0xbe, 0x75,
437	0x95, 0x77, 0xcf, 0xef, 0x6d, 0x9d, 0x7f, 0x79, 0x03, 0x63, 0x8e, 0xb7, 0xad, 0x80, 0x2f, 0xe3,
438	0x26, 0x3f, 0x87, 0x8b, 0xe8, 0xcb, 0xfb, 0x06, 0x28, 0x50, 0x31, 0x5d, 0xa4, 0x68, 0x8a, 0x79,
439	0x21, 0x74, 0xf8, 0xce, 0xf3, 0x1a, 0x62, 0xa5, 0xb4, 0xe1, 0xbf, 0x5b, 0x61, 0xee, 0x24, 0x17,
440	0x1c, 0xf5, 0x37, 0x59, 0xbc, 0xee, 0x54, 0x7f, 0x7a, 0x3b, 0x1f, 0x2e, 0x16, 0x57, 0x5f, 0x77,
441	0x83, 0xf0, 0xfc, 0x5f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xe5, 0xa3, 0x9d, 0xc6, 0x4a, 0x03, 0x00,
442	0x00,
443}
444