@flyteorg/flyteidl2 2.0.0-alpha10

package/flyteidl2/core/security_pb.ts

@@ -0,0 +1,310 @@
+// @generated by protoc-gen-es v2.2.5 with parameter "target=ts,import_extension=.ts"
+// @generated from file flyteidl2/core/security.proto (package flyteidl2.core, syntax proto3)
+/* eslint-disable */
+
+import type { GenEnum, GenFile, GenMessage } from "@bufbuild/protobuf/codegenv1";
+import { enumDesc, fileDesc, messageDesc } from "@bufbuild/protobuf/codegenv1";
+import type { Message } from "@bufbuild/protobuf";
+
+/**
+ * Describes the file flyteidl2/core/security.proto.
+ */
+export const file_flyteidl2_core_security: GenFile = /*@__PURE__*/
+  fileDesc("Ch1mbHl0ZWlkbDIvY29yZS9zZWN1cml0eS5wcm90bxIOZmx5dGVpZGwyLmNvcmUitgEKBlNlY3JldBINCgVncm91cBgBIAEoCRIVCg1ncm91cF92ZXJzaW9uGAIgASgJEgsKA2tleRgDIAEoCRI7ChFtb3VudF9yZXF1aXJlbWVudBgEIAEoDjIgLmZseXRlaWRsMi5jb3JlLlNlY3JldC5Nb3VudFR5cGUSDwoHZW52X3ZhchgFIAEoCSIrCglNb3VudFR5cGUSBwoDQU5ZEAASCwoHRU5WX1ZBUhABEggKBEZJTEUQAiJQCgxPQXV0aDJDbGllbnQSEQoJY2xpZW50X2lkGAEgASgJEi0KDWNsaWVudF9zZWNyZXQYAiABKAsyFi5mbHl0ZWlkbDIuY29yZS5TZWNyZXQiigEKCElkZW50aXR5EhAKCGlhbV9yb2xlGAEgASgJEhsKE2s4c19zZXJ2aWNlX2FjY291bnQYAiABKAkSMwoNb2F1dGgyX2NsaWVudBgDIAEoCzIcLmZseXRlaWRsMi5jb3JlLk9BdXRoMkNsaWVudBIaChJleGVjdXRpb25faWRlbnRpdHkYBCABKAki3wEKEk9BdXRoMlRva2VuUmVxdWVzdBIMCgRuYW1lGAEgASgJEjUKBHR5cGUYAiABKA4yJy5mbHl0ZWlkbDIuY29yZS5PQXV0aDJUb2tlblJlcXVlc3QuVHlwZRIsCgZjbGllbnQYAyABKAsyHC5mbHl0ZWlkbDIuY29yZS5PQXV0aDJDbGllbnQSHgoWaWRwX2Rpc2NvdmVyeV9lbmRwb2ludBgEIAEoCRIWCg50b2tlbl9lbmRwb2ludBgFIAEoCSIeCgRUeXBlEhYKEkNMSUVOVF9DUkVERU5USUFMUxAAIpgBCg9TZWN1cml0eUNvbnRleHQSKAoGcnVuX2FzGAEgASgLMhguZmx5dGVpZGwyLmNvcmUuSWRlbnRpdHkSJwoHc2VjcmV0cxgCIAMoCzIWLmZseXRlaWRsMi5jb3JlLlNlY3JldBIyCgZ0b2tlbnMYAyADKAsyIi5mbHl0ZWlkbDIuY29yZS5PQXV0aDJUb2tlblJlcXVlc3RCsgEKEmNvbS5mbHl0ZWlkbDIuY29yZUINU2VjdXJpdHlQcm90b0gCUAFaMmdpdGh1Yi5jb20vZmx5dGVvcmcvZmx5dGUvdjIvZ2VuL2dvL2ZseXRlaWRsMi9jb3JlogIDRkNYqgIORmx5dGVpZGwyLkNvcmXKAg5GbHl0ZWlkbDJcQ29yZeICGkZseXRlaWRsMlxDb3JlXEdQQk1ldGFkYXRh6gIPRmx5dGVpZGwyOjpDb3JlYgZwcm90bzM");
+
+/**
+ * Secret encapsulates information about the secret a task needs to proceed. An environment variable
+ * FLYTE_SECRETS_ENV_PREFIX will be passed to indicate the prefix of the environment variables that will be present if
+ * secrets are passed through environment variables.
+ * FLYTE_SECRETS_DEFAULT_DIR will be passed to indicate the prefix of the path where secrets will be mounted if secrets
+ * are passed through file mounts.
+ *
+ * @generated from message flyteidl2.core.Secret
+ */
+export type Secret = Message<"flyteidl2.core.Secret"> & {
+  /**
+   * The name of the secret group where to find the key referenced below. For K8s secrets, this should be the name of
+   * the v1/secret object. For Confidant, this should be the Credential name. For Vault, this should be the secret name.
+   * For AWS Secret Manager, this should be the name of the secret.
+   * +required
+   *
+   * @generated from field: string group = 1;
+   */
+  group: string;
+
+  /**
+   * The group version to fetch. This is not supported in all secret management systems. It'll be ignored for the ones
+   * that do not support it.
+   * +optional
+   *
+   * @generated from field: string group_version = 2;
+   */
+  groupVersion: string;
+
+  /**
+   * The name of the secret to mount. This has to match an existing secret in the system. It's up to the implementation
+   * of the secret management system to require case sensitivity. For K8s secrets, Confidant and Vault, this should
+   * match one of the keys inside the secret. For AWS Secret Manager, it's ignored.
+   * +optional
+   *
+   * @generated from field: string key = 3;
+   */
+  key: string;
+
+  /**
+   * mount_requirement is optional. Indicates where the secret has to be mounted. If provided, the execution will fail
+   * if the underlying key management system cannot satisfy that requirement. If not provided, the default location
+   * will depend on the key management system.
+   * +optional
+   *
+   * @generated from field: flyteidl2.core.Secret.MountType mount_requirement = 4;
+   */
+  mountRequirement: Secret_MountType;
+
+  /**
+   * env_var is optional. Custom environment variable to set the value of the secret. If mount_requirement is ENV_VAR,
+   * then the value is the secret itself. If mount_requirement is FILE, then the value is the path to the secret file.
+   * +optional
+   *
+   * @generated from field: string env_var = 5;
+   */
+  envVar: string;
+};
+
+/**
+ * Describes the message flyteidl2.core.Secret.
+ * Use `create(SecretSchema)` to create a new message.
+ */
+export const SecretSchema: GenMessage<Secret> = /*@__PURE__*/
+  messageDesc(file_flyteidl2_core_security, 0);
+
+/**
+ * @generated from enum flyteidl2.core.Secret.MountType
+ */
+export enum Secret_MountType {
+  /**
+   * Default case, indicates the client can tolerate either mounting options.
+   *
+   * @generated from enum value: ANY = 0;
+   */
+  ANY = 0,
+
+  /**
+   * ENV_VAR indicates the secret needs to be mounted as an environment variable.
+   *
+   * @generated from enum value: ENV_VAR = 1;
+   */
+  ENV_VAR = 1,
+
+  /**
+   * FILE indicates the secret needs to be mounted as a file.
+   *
+   * @generated from enum value: FILE = 2;
+   */
+  FILE = 2,
+}
+
+/**
+ * Describes the enum flyteidl2.core.Secret.MountType.
+ */
+export const Secret_MountTypeSchema: GenEnum<Secret_MountType> = /*@__PURE__*/
+  enumDesc(file_flyteidl2_core_security, 0, 0);
+
+/**
+ * OAuth2Client encapsulates OAuth2 Client Credentials to be used when making calls on behalf of that task.
+ *
+ * @generated from message flyteidl2.core.OAuth2Client
+ */
+export type OAuth2Client = Message<"flyteidl2.core.OAuth2Client"> & {
+  /**
+   * client_id is the public id for the client to use. The system will not perform any pre-auth validation that the
+   * secret requested matches the client_id indicated here.
+   * +required
+   *
+   * @generated from field: string client_id = 1;
+   */
+  clientId: string;
+
+  /**
+   * client_secret is a reference to the secret used to authenticate the OAuth2 client.
+   * +required
+   *
+   * @generated from field: flyteidl2.core.Secret client_secret = 2;
+   */
+  clientSecret?: Secret;
+};
+
+/**
+ * Describes the message flyteidl2.core.OAuth2Client.
+ * Use `create(OAuth2ClientSchema)` to create a new message.
+ */
+export const OAuth2ClientSchema: GenMessage<OAuth2Client> = /*@__PURE__*/
+  messageDesc(file_flyteidl2_core_security, 1);
+
+/**
+ * Identity encapsulates the various security identities a task can run as. It's up to the underlying plugin to pick the
+ * right identity for the execution environment.
+ *
+ * @generated from message flyteidl2.core.Identity
+ */
+export type Identity = Message<"flyteidl2.core.Identity"> & {
+  /**
+   * iam_role references the fully qualified name of Identity & Access Management role to impersonate.
+   *
+   * @generated from field: string iam_role = 1;
+   */
+  iamRole: string;
+
+  /**
+   * k8s_service_account references a kubernetes service account to impersonate.
+   *
+   * @generated from field: string k8s_service_account = 2;
+   */
+  k8sServiceAccount: string;
+
+  /**
+   * oauth2_client references an oauth2 client. Backend plugins can use this information to impersonate the client when
+   * making external calls.
+   *
+   * @generated from field: flyteidl2.core.OAuth2Client oauth2_client = 3;
+   */
+  oauth2Client?: OAuth2Client;
+
+  /**
+   * execution_identity references the subject who makes the execution
+   *
+   * @generated from field: string execution_identity = 4;
+   */
+  executionIdentity: string;
+};
+
+/**
+ * Describes the message flyteidl2.core.Identity.
+ * Use `create(IdentitySchema)` to create a new message.
+ */
+export const IdentitySchema: GenMessage<Identity> = /*@__PURE__*/
+  messageDesc(file_flyteidl2_core_security, 2);
+
+/**
+ * OAuth2TokenRequest encapsulates information needed to request an OAuth2 token.
+ * FLYTE_TOKENS_ENV_PREFIX will be passed to indicate the prefix of the environment variables that will be present if
+ * tokens are passed through environment variables.
+ * FLYTE_TOKENS_PATH_PREFIX will be passed to indicate the prefix of the path where secrets will be mounted if tokens
+ * are passed through file mounts.
+ *
+ * @generated from message flyteidl2.core.OAuth2TokenRequest
+ */
+export type OAuth2TokenRequest = Message<"flyteidl2.core.OAuth2TokenRequest"> & {
+  /**
+   * name indicates a unique id for the token request within this task token requests. It'll be used as a suffix for
+   * environment variables and as a filename for mounting tokens as files.
+   * +required
+   *
+   * @generated from field: string name = 1;
+   */
+  name: string;
+
+  /**
+   * type indicates the type of the request to make. Defaults to CLIENT_CREDENTIALS.
+   * +required
+   *
+   * @generated from field: flyteidl2.core.OAuth2TokenRequest.Type type = 2;
+   */
+  type: OAuth2TokenRequest_Type;
+
+  /**
+   * client references the client_id/secret to use to request the OAuth2 token.
+   * +required
+   *
+   * @generated from field: flyteidl2.core.OAuth2Client client = 3;
+   */
+  client?: OAuth2Client;
+
+  /**
+   * idp_discovery_endpoint references the discovery endpoint used to retrieve token endpoint and other related
+   * information.
+   * +optional
+   *
+   * @generated from field: string idp_discovery_endpoint = 4;
+   */
+  idpDiscoveryEndpoint: string;
+
+  /**
+   * token_endpoint references the token issuance endpoint. If idp_discovery_endpoint is not provided, this parameter is
+   * mandatory.
+   * +optional
+   *
+   * @generated from field: string token_endpoint = 5;
+   */
+  tokenEndpoint: string;
+};
+
+/**
+ * Describes the message flyteidl2.core.OAuth2TokenRequest.
+ * Use `create(OAuth2TokenRequestSchema)` to create a new message.
+ */
+export const OAuth2TokenRequestSchema: GenMessage<OAuth2TokenRequest> = /*@__PURE__*/
+  messageDesc(file_flyteidl2_core_security, 3);
+
+/**
+ * Type of the token requested.
+ *
+ * @generated from enum flyteidl2.core.OAuth2TokenRequest.Type
+ */
+export enum OAuth2TokenRequest_Type {
+  /**
+   * CLIENT_CREDENTIALS indicates a 2-legged OAuth token requested using client credentials.
+   *
+   * @generated from enum value: CLIENT_CREDENTIALS = 0;
+   */
+  CLIENT_CREDENTIALS = 0,
+}
+
+/**
+ * Describes the enum flyteidl2.core.OAuth2TokenRequest.Type.
+ */
+export const OAuth2TokenRequest_TypeSchema: GenEnum<OAuth2TokenRequest_Type> = /*@__PURE__*/
+  enumDesc(file_flyteidl2_core_security, 3, 0);
+
+/**
+ * SecurityContext holds security attributes that apply to tasks.
+ *
+ * @generated from message flyteidl2.core.SecurityContext
+ */
+export type SecurityContext = Message<"flyteidl2.core.SecurityContext"> & {
+  /**
+   * run_as encapsulates the identity a pod should run as. If the task fills in multiple fields here, it'll be up to the
+   * backend plugin to choose the appropriate identity for the execution engine the task will run on.
+   *
+   * @generated from field: flyteidl2.core.Identity run_as = 1;
+   */
+  runAs?: Identity;
+
+  /**
+   * secrets indicate the list of secrets the task needs in order to proceed. Secrets will be mounted/passed to the
+   * pod as it starts. If the plugin responsible for kicking of the task will not run it on a flyte cluster (e.g. AWS
+   * Batch), it's the responsibility of the plugin to fetch the secret (which means propeller identity will need access
+   * to the secret) and to pass it to the remote execution engine.
+   *
+   * @generated from field: repeated flyteidl2.core.Secret secrets = 2;
+   */
+  secrets: Secret[];
+
+  /**
+   * tokens indicate the list of token requests the task needs in order to proceed. Tokens will be mounted/passed to the
+   * pod as it starts. If the plugin responsible for kicking of the task will not run it on a flyte cluster (e.g. AWS
+   * Batch), it's the responsibility of the plugin to fetch the secret (which means propeller identity will need access
+   * to the secret) and to pass it to the remote execution engine.
+   *
+   * @generated from field: repeated flyteidl2.core.OAuth2TokenRequest tokens = 3;
+   */
+  tokens: OAuth2TokenRequest[];
+};
+
+/**
+ * Describes the message flyteidl2.core.SecurityContext.
+ * Use `create(SecurityContextSchema)` to create a new message.
+ */
+export const SecurityContextSchema: GenMessage<SecurityContext> = /*@__PURE__*/
+  messageDesc(file_flyteidl2_core_security, 4);
+