Proto changes to prepare the configs for more use cases
PiperOrigin-RevId: 297413668
Change-Id: Ia1760a054668e5df12f2b0a7bdffcd5b81c4b10f
cdvoisin authored and copybara-github committed Feb 26, 2020
1 parent bf618f5 commit 0ee95b4
Showing 30 changed files with 981 additions and 874 deletions.
2 changes: 1 addition & 1 deletion admin.bash
Expand Up @@ -56,7 +56,7 @@ declare -A COMMANDS=(
["print dam resource <name> view <name> roles"]='dam_curl_client "/dam/${API_VERSION?}/${REALM?}/resources/$4/views/$6/roles"'
["print dam resource <name> view <name> role <name>"]='dam_curl_client "/dam/${API_VERSION?}/${REALM?}/resources/$4/views/$6/roles"'
["print dam resources"]='dam_curl_client "/dam/${API_VERSION?}/${REALM?}/resources"'
["print dam adapters"]='dam_curl_client "/dam/${API_VERSION?}/${REALM?}/targetAdapters"'
["print dam services"]='dam_curl_client "/dam/${API_VERSION?}/${REALM?}/services"'
["print dam personas"]='dam_curl_client "/dam/${API_VERSION?}/${REALM?}/testPersonas"'
["print dam roles"]='dam_curl_client "/dam/${API_VERSION?}/${REALM?}/damRoleCategories"'
["print dam translators"]='dam_curl_client "/dam/${API_VERSION?}/${REALM?}/passportTranslators"'
Expand Down
6 changes: 3 additions & 3 deletions apis.md
Expand Up @@ -270,14 +270,14 @@ DAM configuration. They filter out sensitive parts of the configuration.
They require valid "client_id" and "client_secret" parameters on the request.
* /dam/v1alpha/{realm}/client/{name}
* /dam/v1alpha/{realm}/damRoleCategories
* /dam/v1alpha/{realm}/resources
* /dam/v1alpha/{realm}/resources/{name}
* /dam/v1alpha/{realm}/flatViews
* /dam/v1alpha/{realm}/passportTranslators
* /dam/v1alpha/{realm}/resources/{name}/views
* /dam/v1alpha/{realm}/resources/{name}/views/{view}
* /dam/v1alpha/{realm}/resources/{name}/views/{view}/roles
* /dam/v1alpha/{realm}/resources/{name}/views/{view}/roles/{role}
* /dam/v1alpha/{realm}/targetAdapters
* /dam/v1alpha/{realm}/passportTranslators
* /dam/v1alpha/{realm}/damRoleCategories
* /dam/v1alpha/{realm}/services
* /dam/v1alpha/{realm}/testPersonas
43 changes: 0 additions & 43 deletions deploy/config/dam-static/adapter_master_gatekeeper_latest.json

This file was deleted.

29 changes: 15 additions & 14 deletions deploy/config/dam-template/config_master_main_latest.json
Expand Up @@ -163,36 +163,37 @@
},
"serviceTemplates": {
"gcs": {
"serviceName": "token:gcp:sa",
"itemFormat": "gcs",
"serviceName": "gcs",
"roles": {
"viewer": {
"targetRoles": ["roles/storage.objectViewer"],
"targetScopes": [
"https://www.googleapis.com/auth/cloud-platform"
],
"serviceArgs": {
"roles": { "values": ["roles/storage.objectViewer"] }
},
"damRoleCategories": ["metadata", "list", "read"],
"ui": {
"label": "File Viewer",
"description": "List and read files"
}
},
"creator": {
"targetRoles": ["roles/storage.objectCreator"],
"serviceArgs": {
"roles": { "values": ["roles/storage.objectCreator"] }
},
"damRoleCategories": ["write"],
"ui": {
"label": "File Creator",
"description": "Write files (without read access)"
}
},
"editor": {
"targetRoles": [
"roles/storage.objectViewer",
"roles/storage.objectCreator"
],
"targetScopes": [
"https://www.googleapis.com/auth/cloud-platform"
],
"serviceArgs": {
"roles": {
"values": [
"roles/storage.objectViewer",
"roles/storage.objectCreator"
]
}
},
"damRoleCategories": ["metadata", "list", "read", "write"],
"ui": {
"label": "File Editor",
Expand Down
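Review bot: The rewritten `gcs` templates drop the explicit `targetScopes` value (`https://www.googleapis.com/auth/cloud-platform`) for the `viewer` and `editor` roles, and the new `serviceArgs` objects carry only `roles`, so the scope a minted token receives is no longer visible in this config. The `scopes` service variable added elsewhere in this commit is marked optional and its description names that same value as the default, so behavior is presumably unchanged, but the effective scope now comes from an adapter default rather than a reviewed config value. Stating it explicitly next to `roles`, e.g. `"scopes": { "values": ["https://www.googleapis.com/auth/cloud-platform"] }`, keeps the token permission model auditable from the template alone. The enclosing `serviceTemplates` object starts before the displayed hunk and the `gcs` entry continues past it.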
@@ -1,17 +1,14 @@
{
"platform": "dam",
"requirements": {
"targetRole": false,
"targetScope": false,
"aud": false
},
"properties": {
"isAggregate": true,
"canBeAggregated": false
},
"itemFormats": {
"view": {
"variables": {
"services": {
"aggregator": {
"platform": "dam",
"properties": {
"isAggregate": true,
"canBeAggregated": false
},
"serviceVariables": {
},
"itemVariables": {
"resource": {
"type": "const",
"regexp": "^[A-Za-z][\\w\\-]*$",
Expand All @@ -30,12 +27,9 @@
}
},
"ui": {
"label": "Aggregate compatible views across resources"
"label": "View Aggregator",
"description": "Combines compatible views across resources to produce a single token with access to all of them"
}
}
},
"ui": {
"description": "Combines compatible views across resources to produce a single token with access to all of them",
"label": "View Aggregator"
}
}
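--- a/deploy/metadata/adapter_gatekeeper.json
+++ b/deploy/metadata/adapter_gatekeeper.json
@@ -0,0 +1,45 @@
+{
+"services": {
+"gatekeeper": {
+"platform": "oauth",
+"properties": {
+"singleItem": true,
+"isAggregate": false,
+"canBeAggregated": false
+},
+"serviceVariables": {
+"scopes": {
+"type": "const",
+"regexp": ".",
+"ui": {
+"label": "Scopes",
+"description": "An identifier to include in the 'scope' claim as part of the token permission model"
+}
+}
+},
+"itemVariables": {
+"aud": {
+"type": "const",
+"regexp": ".",
+"ui": {
+"label": "Audience",
+"description": "A unique JWT audience for the token to distiguish this resource or view from all others"
+}
+},
+"url": {
+"type": "const",
+"regexp": "^(http://|https://).*$",
+"ui": {
+"label": "URL for the service",
+"description": "Provide only one URL (i.e. one item) per resource view"
+}
+}
+},
+"ui": {
+"description": "Generates scoped-down OAuth OIDC access tokens for use with a Gatekeeper Proxy (requires administrator to deploy a compatible reverse proxy underlying services)",
+"label": "Gatekeeper Token",
+"itemFormat": "http://{URL-FRAGMENT} or https://{URL-FRAGMENT}"
+}
+}
+}
+}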
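Review bot: The `scopes` and `aud` variables use `"regexp": "."`, which is unanchored and therefore only requires that the value contain at least one character, while the sibling `url` variable in the same file is anchored with `^(http://|https://).*$`; for a field described as "a unique JWT audience" that is effectively no validation at all, and the `scopes` variables added in the later GCP service metadata hunk use the same `.`. If non-empty is all that is intended, `"regexp": "^.+$"` states that explicitly; if audiences and scopes follow a known shape, an anchored pattern restricted to the expected characters would be the better check. Separately, the `aud` description misspells "distinguish" as `distiguish`; since it is a user-visible UI string, it is worth correcting in this commit.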
@@ -1,17 +1,31 @@
{
"platform": "gcp",
"requirements": {
"targetRole": true,
"targetScope": false,
"aud": false
},
"properties": {
"isAggregate": false,
"canBeAggregated": true
},
"itemFormats": {
"services": {
"gcs": {
"variables": {
"platform": "gcp",
"properties": {
"isAggregate": false,
"canBeAggregated": true
},
"serviceVariables": {
"roles": {
"type": "const",
"regexp": "^roles/.*$",
"ui": {
"label": "GCS Roles",
"description": "GCS standard or custom role name starting with 'roles/' prefix"
}
},
"scopes": {
"type": "const",
"optional": true,
"regexp": ".",
"ui": {
"label": "GCP Scopes",
"description": "An advanced GCP identifier to include in the 'scope' claim as part of the token permission model. Default: 'https://www.googleapis.com/auth/cloud-platform'"
}
}
},
"itemVariables": {
"project": {
"type": "const",
"regexp": "^[a-z]([-a-z0-9]*[a-z0-9])?$",
Expand Down Expand Up @@ -54,7 +68,31 @@
}
},
"bigquery": {
"variables": {
"platform": "gcp",
"properties": {
"isAggregate": false,
"canBeAggregated": true
},
"serviceVariables": {
"roles": {
"type": "const",
"regexp": "^roles/.*$",
"ui": {
"label": "BigQuery Roles",
"description": "BigQuery standard or custom role name starting with 'roles/' prefix"
}
},
"scopes": {
"type": "const",
"optional": true,
"regexp": ".",
"ui": {
"label": "GCP Scopes",
"description": "An advanced GCP identifier to include in the 'scope' claim as part of the token permission model. Default: 'https://www.googleapis.com/auth/cloud-platform'"
}
}
},
"itemVariables": {
"project": {
"type": "const",
"regexp": "^[a-z]([-a-z0-9]*[a-z0-9])?$",
Expand All @@ -78,9 +116,5 @@
"description": "Google BigQuery is an enterprise data warehouse that solves this problem by enabling super-fast SQL queries using the processing power of Google's infrastructure."
}
}
},
"ui": {
"description": "Generates down-scoped Service Account access tokens for use on Google Cloud Platform (GCP)",
"label": "GCP Service Account Token"
}
}
File renamed without changes.