syntax = "proto3"; package acl; import "google/protobuf/empty.proto"; option go_package = "github.com/hashicorp/consul/proto-public/pbacl"; service ACLService { // Login exchanges the presented bearer token for a Consul ACL token using a // configured auth method. rpc Login(LoginRequest) returns (LoginResponse) {} // Logout destroys the given ACL token once the caller is done with it. rpc Logout(LogoutRequest) returns (google.protobuf.Empty) {} } message LoginRequest { // auth_method is the name of the configured auth method that will be used to // validate the presented bearer token. string auth_method = 1; // bearer_token is a token produced by a trusted identity provider as // configured by the auth method. string bearer_token = 2; // meta is a collection of arbitrary key-value pairs associated to the token, // it is useful for tracking the origin of tokens. map<string, string> meta = 3; // namespace (enterprise only) is the namespace in which the auth method // resides. string namespace = 4; // partition (enterprise only) is the partition in which the auth method // resides. string partition = 5; // datacenter is the target datacenter in which the request will be processed. string datacenter = 6; } message LoginResponse { // token is the generated ACL token. LoginToken token = 1; } message LoginToken { // accessor_id is a UUID used to identify the ACL token. string accessor_id = 1; // secret_id is a UUID presented as a credential by clients. string secret_id = 2; } message LogoutRequest { // token is the ACL token's secret ID. string token = 1; // datacenter is the target datacenter in which the request will be processed. string datacenter = 2; }