forked from luci/luci-py
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconfig.proto
197 lines (159 loc) · 6.44 KB
/
config.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
// Copyright 2016 The LUCI Authors. All rights reserved.
// Use of this source code is governed under the Apache License, Version 2.0
// that can be found in the LICENSE file.
syntax = "proto2";
// Schema for settings.cfg service config file in luci-config.
message SettingsCfg {
// id to inject into pages if applicable.
optional string google_analytics = 1;
// The number of seconds an old task can be deduped from.
// Default is one week: 7*24*60*60 = 604800
optional int32 reusable_task_age_secs = 2;
// The amount of time that has to pass before a machine is considered dead.
// Default is 600 (10 minutes).
optional int32 bot_death_timeout_secs = 3;
// Enable ts_mon based monitoring.
optional bool enable_ts_monitoring = 4;
// Configuration for swarming-isolate integration.
optional IsolateSettings isolate = 5;
// Configuration for swarming-cipd integration.
optional CipdSettings cipd = 6;
// Configuration for swarming-mp integration.
optional MachineProviderSettings mp = 7;
// Emergency setting to disable bot task reaping. When set, all bots are
// always put to sleep and are never granted task.
optional bool force_bots_to_sleep_and_not_run_task = 8;
// oauth client id for the ui. This is created in the developer's console
// under Credentials.
optional string ui_client_id = 9;
// A mapping "dimension" => "who can posts tasks for it".
optional DimensionACLs dimension_acls = 10;
// A url to a task display server (e.g. milo). This should have a %s where
// a task id can go.
optional string display_server_url_template = 11;
// Sets a maximum sleep time in seconds for bots that limits the exponental
// backoff. If missing, the task scheduler will provide the default maximum
// (usually 60s, but see bot_code/task_scheduler.py for details).
optional int32 max_bot_sleep_time = 12;
// Names of the authorization groups used by components/auth.
optional AuthSettings auth = 13;
// Sets the default gRPC proxy for the bot's Isolate server calls.
optional string bot_isolate_grpc_proxy = 14;
}
// Configuration for swarming-isolate integration.
message IsolateSettings {
// URL of the default isolate server to use if it is not specified in a
// task. Must start with "https://" or "http://",
// e.g. "https://isolateserver.appspot.com"
optional string default_server = 1;
// Default namespace to use if it is not specified in a task,
// e.g. "default-gzip"
optional string default_namespace = 2;
}
// A CIPD package.
message CipdPackage {
// A template of a full CIPD package name, e.g.
// "infra/tools/cipd/${platform}"
// See also cipd.ALL_PARAMS.
optional string package_name = 1;
// Valid package version for all packages matched by package name.
optional string version = 2;
}
// Settings for Swarming-CIPD integration.
message CipdSettings {
// URL of the default CIPD server to use if it is not specified in a task.
// Must start with "https://" or "http://",
// e.g. "https://chrome-infra-packages.appspot.com".
optional string default_server = 1;
// Package of the default CIPD client to use if it is not specified in a
// task.
optional CipdPackage default_client_package = 2;
}
// Settings for Swarming-MP integration.
message MachineProviderSettings {
// Whether or not Swarming-MP integration is enabled.
optional bool enabled = 1;
// URL of the Machine Provider server to use.
optional string server = 2;
}
// Access control lists for dimensions.
//
// A dimension (concrete 'key:value' pair) can have an ACL attached to it that
// lists all who can post tasks with this dimension. This is especially useful
// for 'pool' dimension: the ACL controls who can use machines in the
// corresponding pool.
//
// This work in conjunction with global 'swarming-users' group check: in order
// to post a task that uses dimension "X:Y", the user must be both in
// 'swarming-users' group and in "X:Y"'s ACL.
//
// The default ACL (the one used if dimension is not specified in this config)
// is "all", e.g. any user in 'swarming-users' can use the dimension.
//
// TODO(vadimsh): This is a simple temporary scheme. It will likely
// significantly change in the future when we introduce a notion of Project.
message DimensionACLs {
message Entry {
// A "<key>:<value>" pairs specifying dimensions protected by this ACL.
//
// Also accepts "<key>:*" value, that means "any value for <key> dimension".
repeated string dimension = 1;
// A name of a group with users that are allowed to post tasks with the
// given dimension value.
//
// This check always work in conjunction with 'swarming-users' group check:
// in order to post a task that uses dimension "X:Y", the user must be both
// in 'swarming-users' group and in "X:Y"'s 'usable_by' group.
optional string usable_by = 2;
}
// Entries with ACLs for individual dimensions. Order is irrelevant.
repeated Entry entry = 1;
}
// Access control groups for the swarming service. Custom group names
// allow several swarming instances to co-exist under the same "auth"
// server.
//
// All groups default to 'administrators'.
//
// See
// https://github.com/luci/luci-py/blob/master/appengine/swarming/doc/Access-Groups.md
// for more detail.
message AuthSettings {
// Members of this group have full administrative access.
//
// Grants:
// - config view and edit
// - delete any bot
// - all of bot_bootstrap_group membership
// - all of privileged_users_group membership
optional string admins_group = 1;
// Members of this group can fetch swarming bot code and bootstrap bots.
//
// Grants:
// - bot create: create a token to anonymously fetch the bot code.
optional string bot_bootstrap_group = 2;
// Members of this group can schedule tasks and see everyone else's tasks.
//
// Grants:
// - cancel any task
// - edit (terminate) any bot
// - all of view_all_bots_group membership
// - all of view_all_tasks_group membership
optional string privileged_users_group = 3;
// Members of this group can schedule tasks and see only their own tasks.
//
// Grants:
// - create a task
// - view and edit own task
optional string users_group = 4;
// Members of this group can view all bots. This is a read-only group.
//
// Grants:
// - view all bots
optional string view_all_bots_group = 5;
// Members of this group can view all tasks. This is a read-only group.
//
// Grants:
// - view all tasks
optional string view_all_tasks_group = 6;
}