[#17] acl: Add impersonate flag to bearer token

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-02-21 11:23:08 +03:00 · 2023-02-21 11:23:08 +03:00 · b3ccd0166f
commit b3ccd0166f
parent 5f318f0b75
6 changed files with 80 additions and 40 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,8 @@
 ## [Unreleased]

 ### Added
+- Add impersonate flag to bearer token (#17)
+
 ### Fixed
 ### Changed
 ### Updated
--- a/acl/convert.go
+++ b/acl/convert.go
@ -427,6 +427,7 @@ func (bt *BearerTokenBody) ToGRPCMessage() grpc.Message {
 		m.SetOwnerId(bt.ownerID.ToGRPCMessage().(*refsGRPC.OwnerID))
 		m.SetLifetime(bt.lifetime.ToGRPCMessage().(*acl.BearerToken_Body_TokenLifetime))
 		m.SetEaclTable(bt.eacl.ToGRPCMessage().(*acl.EACLTable))
+		m.SetImpersonate(bt.impersonate)
 	}

 	return m
@ -479,6 +480,8 @@ func (bt *BearerTokenBody) FromGRPCMessage(m grpc.Message) error {
 		err = bt.eacl.FromGRPCMessage(eacl)
 	}

+	bt.impersonate = v.GetAllowImpersonate()
+
 	return err
 }

--- a/acl/grpc/types.go
+++ b/acl/grpc/types.go
@ -84,6 +84,11 @@ func (m *BearerToken_Body) SetLifetime(v *BearerToken_Body_TokenLifetime) {
 	m.Lifetime = v
 }

+// SetImpersonate allows impersonate.
+func (m *BearerToken_Body) SetImpersonate(v bool) {
+	m.AllowImpersonate = v
+}
+
 // SetBody sets bearer token body.
 func (m *BearerToken) SetBody(v *BearerToken_Body) {
 	m.Body = v
--- a/acl/grpc/types.pb.go
+++ b/acl/grpc/types.pb.go
@ -712,6 +712,9 @@ type BearerToken_Body struct {
 	OwnerId *grpc.OwnerID `protobuf:"bytes,2,opt,name=owner_id,json=ownerID,proto3" json:"owner_id,omitempty"`
 	// Token expiration and valid time period parameters
 	Lifetime *BearerToken_Body_TokenLifetime `protobuf:"bytes,3,opt,name=lifetime,proto3" json:"lifetime,omitempty"`
+	// AllowImpersonate flag to consider token signer as request owner.
+	// If this field is true extended ACL table in token body isn't processed.
+	AllowImpersonate bool `protobuf:"varint,4,opt,name=allow_impersonate,json=allowImpersonate,proto3" json:"allow_impersonate,omitempty"`
 }

 func (x *BearerToken_Body) Reset() {
@ -767,6 +770,13 @@ func (x *BearerToken_Body) GetLifetime() *BearerToken_Body_TokenLifetime {
 	return nil
 }

+func (x *BearerToken_Body) GetAllowImpersonate() bool {
+	if x != nil {
+		return x.AllowImpersonate
+	}
+	return false
+}
+
 // Lifetime parameters of the token. Field names taken from
 // [rfc7519](https://tools.ietf.org/html/rfc7519).
 type BearerToken_Body_TokenLifetime struct {
@ -883,14 +893,14 @@ var file_acl_grpc_types_proto_rawDesc = []byte{
 	0x63, 0x6f, 0x72, 0x64, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x6e, 0x65,
 	0x6f, 0x2e, 0x66, 0x73, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x45, 0x41, 0x43, 0x4c,
 	0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, 0x07, 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x73, 0x22,
-	0x83, 0x03, 0x0a, 0x0b, 0x42, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12,
+	0xb0, 0x03, 0x0a, 0x0b, 0x42, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12,
 	0x33, 0x0a, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e,
 	0x6e, 0x65, 0x6f, 0x2e, 0x66, 0x73, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x42, 0x65,
 	0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x2e, 0x42, 0x6f, 0x64, 0x79, 0x52, 0x04,
 	0x62, 0x6f, 0x64, 0x79, 0x12, 0x37, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72,
 	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x6e, 0x65, 0x6f, 0x2e, 0x66, 0x73,
 	0x2e, 0x76, 0x32, 0x2e, 0x72, 0x65, 0x66, 0x73, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75,
-	0x72, 0x65, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x1a, 0x85, 0x02,
+	0x72, 0x65, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x1a, 0xb2, 0x02,
 	0x0a, 0x04, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x37, 0x0a, 0x0a, 0x65, 0x61, 0x63, 0x6c, 0x5f, 0x74,
 	0x61, 0x62, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x6e, 0x65, 0x6f,
 	0x2e, 0x66, 0x73, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x45, 0x41, 0x43, 0x4c, 0x54,
@ -902,43 +912,46 @@ var file_acl_grpc_types_proto_rawDesc = []byte{
 	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x6e, 0x65, 0x6f, 0x2e, 0x66, 0x73, 0x2e, 0x76,
 	0x32, 0x2e, 0x61, 0x63, 0x6c, 0x2e, 0x42, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65,
 	0x6e, 0x2e, 0x42, 0x6f, 0x64, 0x79, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x4c, 0x69, 0x66, 0x65,
-	0x74, 0x69, 0x6d, 0x65, 0x52, 0x08, 0x6c, 0x69, 0x66, 0x65, 0x74, 0x69, 0x6d, 0x65, 0x1a, 0x45,
-	0x0a, 0x0d, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x4c, 0x69, 0x66, 0x65, 0x74, 0x69, 0x6d, 0x65, 0x12,
-	0x10, 0x0a, 0x03, 0x65, 0x78, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, 0x65, 0x78,
-	0x70, 0x12, 0x10, 0x0a, 0x03, 0x6e, 0x62, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03,
-	0x6e, 0x62, 0x66, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x61, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04,
-	0x52, 0x03, 0x69, 0x61, 0x74, 0x2a, 0x3e, 0x0a, 0x04, 0x52, 0x6f, 0x6c, 0x65, 0x12, 0x14, 0x0a,
-	0x10, 0x52, 0x4f, 0x4c, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45,
-	0x44, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x55, 0x53, 0x45, 0x52, 0x10, 0x01, 0x12, 0x0a, 0x0a,
-	0x06, 0x53, 0x59, 0x53, 0x54, 0x45, 0x4d, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x4f, 0x54, 0x48,
-	0x45, 0x52, 0x53, 0x10, 0x03, 0x2a, 0x4f, 0x0a, 0x09, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79,
-	0x70, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45,
-	0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x10,
-	0x0a, 0x0c, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x45, 0x51, 0x55, 0x41, 0x4c, 0x10, 0x01,
-	0x12, 0x14, 0x0a, 0x10, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x45,
-	0x51, 0x55, 0x41, 0x4c, 0x10, 0x02, 0x2a, 0x7a, 0x0a, 0x09, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e,
-	0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x07,
-	0x0a, 0x03, 0x47, 0x45, 0x54, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x45, 0x41, 0x44, 0x10,
-	0x02, 0x12, 0x07, 0x0a, 0x03, 0x50, 0x55, 0x54, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x45,
-	0x4c, 0x45, 0x54, 0x45, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x45, 0x41, 0x52, 0x43, 0x48,
-	0x10, 0x05, 0x12, 0x0c, 0x0a, 0x08, 0x47, 0x45, 0x54, 0x52, 0x41, 0x4e, 0x47, 0x45, 0x10, 0x06,
-	0x12, 0x10, 0x0a, 0x0c, 0x47, 0x45, 0x54, 0x52, 0x41, 0x4e, 0x47, 0x45, 0x48, 0x41, 0x53, 0x48,
-	0x10, 0x07, 0x2a, 0x35, 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x12,
-	0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49,
-	0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x4c, 0x4c, 0x4f, 0x57, 0x10, 0x01, 0x12,
-	0x08, 0x0a, 0x04, 0x44, 0x45, 0x4e, 0x59, 0x10, 0x02, 0x2a, 0x4a, 0x0a, 0x0a, 0x48, 0x65, 0x61,
-	0x64, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x45, 0x41, 0x44, 0x45,
-	0x52, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
-	0x0b, 0x0a, 0x07, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06,
-	0x4f, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x45, 0x52, 0x56,
-	0x49, 0x43, 0x45, 0x10, 0x03, 0x42, 0x58, 0x5a, 0x3c, 0x67, 0x69, 0x74, 0x2e, 0x66, 0x72, 0x6f,
-	0x73, 0x74, 0x66, 0x73, 0x2e, 0x69, 0x6e, 0x66, 0x6f, 0x2f, 0x54, 0x72, 0x75, 0x65, 0x43, 0x6c,
-	0x6f, 0x75, 0x64, 0x4c, 0x61, 0x62, 0x2f, 0x66, 0x72, 0x6f, 0x73, 0x74, 0x66, 0x73, 0x2d, 0x61,
-	0x70, 0x69, 0x2d, 0x67, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x67, 0x72, 0x70,
-	0x63, 0x3b, 0x61, 0x63, 0x6c, 0xaa, 0x02, 0x17, 0x4e, 0x65, 0x6f, 0x2e, 0x46, 0x69, 0x6c, 0x65,
-	0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x2e, 0x41, 0x50, 0x49, 0x2e, 0x41, 0x63, 0x6c, 0x62,
-	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x74, 0x69, 0x6d, 0x65, 0x52, 0x08, 0x6c, 0x69, 0x66, 0x65, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x2b,
+	0x0a, 0x11, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x69, 0x6d, 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e,
+	0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x61, 0x6c, 0x6c, 0x6f, 0x77,
+	0x49, 0x6d, 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x74, 0x65, 0x1a, 0x45, 0x0a, 0x0d, 0x54,
+	0x6f, 0x6b, 0x65, 0x6e, 0x4c, 0x69, 0x66, 0x65, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03,
+	0x65, 0x78, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, 0x65, 0x78, 0x70, 0x12, 0x10,
+	0x0a, 0x03, 0x6e, 0x62, 0x66, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, 0x6e, 0x62, 0x66,
+	0x12, 0x10, 0x0a, 0x03, 0x69, 0x61, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, 0x69,
+	0x61, 0x74, 0x2a, 0x3e, 0x0a, 0x04, 0x52, 0x6f, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x52, 0x4f,
+	0x4c, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00,
+	0x12, 0x08, 0x0a, 0x04, 0x55, 0x53, 0x45, 0x52, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x59,
+	0x53, 0x54, 0x45, 0x4d, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x4f, 0x54, 0x48, 0x45, 0x52, 0x53,
+	0x10, 0x03, 0x2a, 0x4f, 0x0a, 0x09, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12,
+	0x1a, 0x0a, 0x16, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e,
+	0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x53,
+	0x54, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x45, 0x51, 0x55, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x14, 0x0a,
+	0x10, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x45, 0x51, 0x55, 0x41,
+	0x4c, 0x10, 0x02, 0x2a, 0x7a, 0x0a, 0x09, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x12, 0x19, 0x0a, 0x15, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e,
+	0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x47,
+	0x45, 0x54, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x45, 0x41, 0x44, 0x10, 0x02, 0x12, 0x07,
+	0x0a, 0x03, 0x50, 0x55, 0x54, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x45, 0x4c, 0x45, 0x54,
+	0x45, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x45, 0x41, 0x52, 0x43, 0x48, 0x10, 0x05, 0x12,
+	0x0c, 0x0a, 0x08, 0x47, 0x45, 0x54, 0x52, 0x41, 0x4e, 0x47, 0x45, 0x10, 0x06, 0x12, 0x10, 0x0a,
+	0x0c, 0x47, 0x45, 0x54, 0x52, 0x41, 0x4e, 0x47, 0x45, 0x48, 0x41, 0x53, 0x48, 0x10, 0x07, 0x2a,
+	0x35, 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x43, 0x54,
+	0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
+	0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x4c, 0x4c, 0x4f, 0x57, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04,
+	0x44, 0x45, 0x4e, 0x59, 0x10, 0x02, 0x2a, 0x4a, 0x0a, 0x0a, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72,
+	0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x45, 0x41, 0x44, 0x45, 0x52, 0x5f, 0x55,
+	0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07,
+	0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4f, 0x42, 0x4a,
+	0x45, 0x43, 0x54, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45,
+	0x10, 0x03, 0x42, 0x58, 0x5a, 0x3c, 0x67, 0x69, 0x74, 0x2e, 0x66, 0x72, 0x6f, 0x73, 0x74, 0x66,
+	0x73, 0x2e, 0x69, 0x6e, 0x66, 0x6f, 0x2f, 0x54, 0x72, 0x75, 0x65, 0x43, 0x6c, 0x6f, 0x75, 0x64,
+	0x4c, 0x61, 0x62, 0x2f, 0x66, 0x72, 0x6f, 0x73, 0x74, 0x66, 0x73, 0x2d, 0x61, 0x70, 0x69, 0x2d,
+	0x67, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x63, 0x6c, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x3b, 0x61,
+	0x63, 0x6c, 0xaa, 0x02, 0x17, 0x4e, 0x65, 0x6f, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x53, 0x74, 0x6f,
+	0x72, 0x61, 0x67, 0x65, 0x2e, 0x41, 0x50, 0x49, 0x2e, 0x41, 0x63, 0x6c, 0x62, 0x06, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x33,
 }

 var (
--- a/acl/marshal.go
+++ b/acl/marshal.go
@ -31,6 +31,7 @@ const (
 	bearerTokenBodyACLField      = 1
 	bearerTokenBodyOwnerField    = 2
 	bearerTokenBodyLifetimeField = 3
+	bearerTokenBodyImpersonate   = 4

 	bearerTokenBodyField      = 1
 	bearerTokenSignatureField = 2
@ -251,7 +252,8 @@ func (bt *BearerTokenBody) StableMarshal(buf []byte) []byte {

 	offset += protoutil.NestedStructureMarshal(bearerTokenBodyACLField, buf[offset:], bt.eacl)
 	offset += protoutil.NestedStructureMarshal(bearerTokenBodyOwnerField, buf[offset:], bt.ownerID)
-	protoutil.NestedStructureMarshal(bearerTokenBodyLifetimeField, buf[offset:], bt.lifetime)
+	offset += protoutil.NestedStructureMarshal(bearerTokenBodyLifetimeField, buf[offset:], bt.lifetime)
+	protoutil.BoolMarshal(bearerTokenBodyImpersonate, buf[offset:], bt.impersonate)

 	return buf
 }
@ -264,6 +266,7 @@ func (bt *BearerTokenBody) StableSize() (size int) {
 	size += protoutil.NestedStructureSize(bearerTokenBodyACLField, bt.eacl)
 	size += protoutil.NestedStructureSize(bearerTokenBodyOwnerField, bt.ownerID)
 	size += protoutil.NestedStructureSize(bearerTokenBodyLifetimeField, bt.lifetime)
+	size += protoutil.BoolSize(bearerTokenBodyImpersonate, bt.impersonate)

 	return size
 }
--- a/acl/types.go
+++ b/acl/types.go
@ -52,6 +52,8 @@ type BearerTokenBody struct {
 	ownerID *refs.OwnerID

 	lifetime *TokenLifetime
+
+	impersonate bool
 }

 type BearerToken struct {
@ -340,6 +342,18 @@ func (bt *BearerTokenBody) SetLifetime(v *TokenLifetime) {
 	bt.lifetime = v
 }

+func (bt *BearerTokenBody) GetImpersonate() bool {
+	if bt != nil {
+		return bt.impersonate
+	}
+
+	return false
+}
+
+func (bt *BearerTokenBody) SetImpersonate(v bool) {
+	bt.impersonate = v
+}
+
 func (bt *BearerToken) GetBody() *BearerTokenBody {
 	if bt != nil {
 		return bt.body