-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathpolicy.proto
More file actions
80 lines (70 loc) · 2.61 KB
/
policy.proto
File metadata and controls
80 lines (70 loc) · 2.61 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
syntax = "proto3";
package pomerium.dashboard;
option go_package = "github.com/pomerium/pomerium-console/pkg/pb";
option java_package = "com.pomerium.grpc.console"
import "google/protobuf/struct.proto";
import "google/protobuf/timestamp.proto";
// Policy defines an authorization policy which can be applied to a route or
// routes
message Policy {
string id = 1;
string namespace_id = 10;
google.protobuf.Timestamp created_at = 2;
google.protobuf.Timestamp modified_at = 3;
google.protobuf.Timestamp deleted_at = 4;
string name = 5;
string description = 16;
repeated string allowed_users = 6;
repeated string allowed_domains = 8;
map<string, google.protobuf.ListValue> allowed_idp_claims = 14;
// custom rego definition in string format
repeated string rego = 9;
// PPL definition in JSON format
string ppl = 15;
// policy is automatically applied to all routes in namespace_id and child
// namespaces
bool enforced = 13;
string explanation = 17;
string remediation = 18;
string originator_id = 19;
// computed
map<string, string> routes = 11; // route id => name
// computed
string namespace_name = 12;
}
message DeletePolicyRequest { string id = 1; }
message DeletePolicyResponse {}
message GetPolicyRequest { string id = 1; }
message GetPolicyResponse { Policy policy = 1; }
// ListPoliciesRequest specifies the policies to list
message ListPoliciesRequest {
string namespace = 1;
// list Policies whose name contains the query string
optional string query = 2;
// list Policies starting from an offset in the total list
optional int64 offset = 3;
// limit the number of entries returned
optional int64 limit = 4;
// sort the Policies by newest, oldest or name
optional string order_by = 5;
}
// ListPoliciesResponse is the list of policies found for a ListPoliciesRequest
message ListPoliciesResponse {
repeated Policy policies = 1;
int64 total_count = 2;
}
message SetPolicyRequest { Policy policy = 1; }
message SetPolicyResponse { Policy policy = 1; }
// PolicyService manages policy creation and definition
service PolicyService {
// DeletePolicy deletes an existing policy
rpc DeletePolicy(DeletePolicyRequest) returns (DeletePolicyResponse);
// GetPolicy retrieves an existing policy
rpc GetPolicy(GetPolicyRequest) returns (GetPolicyResponse);
// ListPolicies lists existing policies based on the ListPoliciesRequest
// parameters
rpc ListPolicies(ListPoliciesRequest) returns (ListPoliciesResponse);
// SetPolicy creates a new policy or, if the id is specified, updates an
// existing policy
rpc SetPolicy(SetPolicyRequest) returns (SetPolicyResponse);
}