diff --git a/Makefile b/Makefile
index a64b799a6..752f18d66 100644
--- a/Makefile
+++ b/Makefile
@@ -182,20 +182,28 @@ ember-dist-dev: static-dist: ember-dist static-dist-dev: ember-dist-dev -proto: - protoc vault/*.proto --go_out=plugins=grpc,paths=source_relative:. - protoc vault/activity/activity_log.proto --go_out=plugins=grpc,paths=source_relative:. - protoc helper/storagepacker/types.proto --go_out=plugins=grpc,paths=source_relative:. - protoc helper/forwarding/types.proto --go_out=plugins=grpc,paths=source_relative:. - protoc sdk/logical/*.proto --go_out=plugins=grpc,paths=source_relative:. - protoc physical/raft/types.proto --go_out=plugins=grpc,paths=source_relative:. - protoc helper/identity/mfa/types.proto --go_out=plugins=grpc,paths=source_relative:. - protoc helper/identity/types.proto --go_out=plugins=grpc,paths=source_relative:. - protoc sdk/database/dbplugin/*.proto --go_out=plugins=grpc,paths=source_relative:. - protoc sdk/database/dbplugin/v5/proto/*.proto --go_out=plugins=grpc,paths=source_relative:. - protoc sdk/plugin/pb/*.proto --go_out=plugins=grpc,paths=source_relative:. +proto: bootstrap + protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative vault/*.proto + protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative vault/activity/activity_log.proto + protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative helper/storagepacker/types.proto + protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative helper/forwarding/types.proto + protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative sdk/logical/*.proto + protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative physical/raft/types.proto + protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative helper/identity/mfa/types.proto + protoc --go_out=. 
--go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative helper/identity/types.proto + protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative sdk/database/dbplugin/*.proto + protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative sdk/database/dbplugin/v5/proto/*.proto + protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative sdk/plugin/pb/*.proto + + # No additional sed expressions should be added to this list. Going forward + # we should just use the variable names choosen by protobuf. These are left + # here for backwards compatability, namely for SDK compilation. sed -i -e 's/Id/ID/' vault/request_forwarding_service.pb.go - sed -i -e 's/Idp/IDP/' -e 's/Url/URL/' -e 's/Id/ID/' -e 's/IDentity/Identity/' -e 's/EntityId/EntityID/' -e 's/Api/API/' -e 's/Qr/QR/' -e 's/Totp/TOTP/' -e 's/Mfa/MFA/' -e 's/Pingid/PingID/' -e 's/protobuf:"/sentinel:"" protobuf:"/' -e 's/namespaceId/namespaceID/' -e 's/Ttl/TTL/' -e 's/BoundCidrs/BoundCIDRs/' helper/identity/types.pb.go helper/identity/mfa/types.pb.go helper/storagepacker/types.pb.go sdk/plugin/pb/backend.pb.go sdk/logical/identity.pb.go vault/activity/activity_log.pb.go + sed -i -e 's/Idp/IDP/' -e 's/Url/URL/' -e 's/Id/ID/' -e 's/IDentity/Identity/' -e 's/EntityId/EntityID/' -e 's/Api/API/' -e 's/Qr/QR/' -e 's/Totp/TOTP/' -e 's/Mfa/MFA/' -e 's/Pingid/PingID/' -e 's/namespaceId/namespaceID/' -e 's/Ttl/TTL/' -e 's/BoundCidrs/BoundCIDRs/' helper/identity/types.pb.go helper/identity/mfa/types.pb.go helper/storagepacker/types.pb.go sdk/plugin/pb/backend.pb.go sdk/logical/identity.pb.go vault/activity/activity_log.pb.go + + # This will inject the sentinel struct tags as decorated in the proto files. + protoc-go-inject-tag -input=./helper/identity/types.pb.go + protoc-go-inject-tag -input=./helper/identity/mfa/types.pb.go fmtcheck: @true 
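Review bot: The sentinel tag is now injected only into `helper/identity/types.pb.go` and `helper/identity/mfa/types.pb.go`, whereas the removed `-e 's/protobuf:"/sentinel:"" protobuf:"/'` expression applied it to all six files on that `sed` line, so `helper/storagepacker/types.pb.go`, `sdk/plugin/pb/backend.pb.go`, `sdk/logical/identity.pb.go` and `vault/activity/activity_log.pb.go` will lose the tag on the next `make proto`. The tag value also changes from `""` to `"-"`; the code that reads the tag is not part of this diff, so it is worth confirming that it treats both spellings the same and that the four dropped files never relied on the tag. If the narrowing is intended, say so next to the two new commands, for example `# sentinel tags are injected only for helper/identity; the other generated files intentionally carry none`. The new comment above the `sed` lines also has two typos, `choosen` and `compatability`.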
diff --git a/go.mod b/go.mod index 559f7b109..cff1cd611 100644 --- a/go.mod +++ b/go.mod @@ -46,6 +46,7 @@ require ( github.com/dustin/go-humanize v1.0.0 github.com/fatih/color v1.11.0 github.com/fatih/structs v1.1.0 + github.com/favadi/protoc-go-inject-tag v1.3.0 // indirect github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 github.com/go-errors/errors v1.0.1 github.com/go-ldap/ldap/v3 v3.2.4 @@ -197,6 +198,7 @@ require ( google.golang.org/api v0.29.0 google.golang.org/genproto v0.0.0-20210928142010-c7af6a1a74c9 // indirect google.golang.org/grpc v1.41.0 + google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0 // indirect google.golang.org/protobuf v1.27.1 gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce gopkg.in/ory-am/dockertest.v3 v3.3.4 diff --git a/go.sum b/go.sum index 53685c17e..20e1653a1 100644 --- a/go.sum +++ b/go.sum @@ -357,6 +357,8 @@ github.com/fatih/color v1.11.0 h1:l4iX0RqNnx/pU7rY2DB/I+znuYY0K3x6Ywac6EIr0PA= github.com/fatih/color v1.11.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= +github.com/favadi/protoc-go-inject-tag v1.3.0 h1:JPrmsmc/uBShG85uY5xGZIa5WJ0IaNZn6LZhQR9tIQE= +github.com/favadi/protoc-go-inject-tag v1.3.0/go.mod h1:SSkUBgfqw2IJ2p7NPNKWk0Idwxt/qIt2LQgFPUgRGtc= github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/frankban/quicktest v1.4.0/go.mod h1:36zfPVQyHxymz4cH7wlDmVwDrJuljRB60qkgn7rorfQ= 
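Review bot: Both new requirements, `github.com/favadi/protoc-go-inject-tag v1.3.0` in the first go.mod hunk and `google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0` in the second, are code generators marked `// indirect`, and no file importing them appears in this diff. Unless a build-tagged tools file elsewhere in the repository already imports them, `go mod tidy` can drop these lines. The pin also only governs the generated code if the `bootstrap` target that `proto` now depends on installs exactly these versions rather than whatever is newest; that target is not visible here. I would keep them referenced from a tools file, e.g. `_ "github.com/favadi/protoc-go-inject-tag"` and `_ "google.golang.org/grpc/cmd/protoc-gen-go-grpc"` behind a `tools` build constraint, and have `bootstrap` install from the module's pinned versions.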
@@ -1638,6 +1640,8 @@ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.41.0 h1:f+PlOh7QV4iIJkPrx5NQ7qaNGFQ3OTse67yaDHfju4E= google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0 h1:M1YKkFIboKNieVO5DLUEVzQfGwJD30Nv2jfUgzb5UcE= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/helper/identity/mfa/types.pb.go b/helper/identity/mfa/types.pb.go index 19724c2ee..5e5bf2a85 100644 --- a/helper/identity/mfa/types.pb.go +++ b/helper/identity/mfa/types.pb.go 
@@ -29,17 +29,24 @@ type Config struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Type string `sentinel:"" protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` - Name string `sentinel:"" protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` - ID string `sentinel:"" protobuf:"bytes,3,opt,name=id,proto3" json:"id,omitempty"` - MountAccessor string `sentinel:"" protobuf:"bytes,4,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty"` - UsernameFormat string `sentinel:"" protobuf:"bytes,5,opt,name=username_format,json=usernameFormat,proto3" json:"username_format,omitempty"` + // @inject_tag: sentinel:"-" + Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + ID string `protobuf:"bytes,3,opt,name=id,proto3" json:"id,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + MountAccessor string `protobuf:"bytes,4,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + UsernameFormat string `protobuf:"bytes,5,opt,name=username_format,json=usernameFormat,proto3" json:"username_format,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + // // Types that are assignable to Config: // *Config_TOTPConfig // *Config_OktaConfig // *Config_DuoConfig // *Config_PingIDConfig - Config isConfig_Config `protobuf_oneof:"config"` + Config isConfig_Config `protobuf_oneof:"config" sentinel:"-"` } func (x *Config) Reset() { 
@@ -149,19 +156,19 @@ type isConfig_Config interface { } type Config_TOTPConfig struct { - TOTPConfig *TOTPConfig `sentinel:"" protobuf:"bytes,6,opt,name=totp_config,json=totpConfig,proto3,oneof"` + TOTPConfig *TOTPConfig `protobuf:"bytes,6,opt,name=totp_config,json=totpConfig,proto3,oneof"` } type Config_OktaConfig struct { - OktaConfig *OktaConfig `sentinel:"" protobuf:"bytes,7,opt,name=okta_config,json=oktaConfig,proto3,oneof"` + OktaConfig *OktaConfig `protobuf:"bytes,7,opt,name=okta_config,json=oktaConfig,proto3,oneof"` } type Config_DuoConfig struct { - DuoConfig *DuoConfig `sentinel:"" protobuf:"bytes,8,opt,name=duo_config,json=duoConfig,proto3,oneof"` + DuoConfig *DuoConfig `protobuf:"bytes,8,opt,name=duo_config,json=duoConfig,proto3,oneof"` } type Config_PingIDConfig struct { - PingIDConfig *PingIDConfig `sentinel:"" protobuf:"bytes,9,opt,name=pingid_config,json=pingidConfig,proto3,oneof"` + PingIDConfig *PingIDConfig `protobuf:"bytes,9,opt,name=pingid_config,json=pingidConfig,proto3,oneof"` } func (*Config_TOTPConfig) isConfig_Config() {} 
@@ -182,13 +189,20 @@ type TOTPConfig struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Issuer string `sentinel:"" protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"` - Period uint32 `sentinel:"" protobuf:"varint,2,opt,name=period,proto3" json:"period,omitempty"` - Algorithm int32 `sentinel:"" protobuf:"varint,3,opt,name=algorithm,proto3" json:"algorithm,omitempty"` - Digits int32 `sentinel:"" protobuf:"varint,4,opt,name=digits,proto3" json:"digits,omitempty"` - Skew uint32 `sentinel:"" protobuf:"varint,5,opt,name=skew,proto3" json:"skew,omitempty"` - KeySize uint32 `sentinel:"" protobuf:"varint,6,opt,name=key_size,json=keySize,proto3" json:"key_size,omitempty"` - QRSize int32 `sentinel:"" protobuf:"varint,7,opt,name=qr_size,json=qrSize,proto3" json:"qr_size,omitempty"` + // @inject_tag: sentinel:"-" + Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + Period uint32 `protobuf:"varint,2,opt,name=period,proto3" json:"period,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + Algorithm int32 `protobuf:"varint,3,opt,name=algorithm,proto3" json:"algorithm,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + Digits int32 `protobuf:"varint,4,opt,name=digits,proto3" json:"digits,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + Skew uint32 `protobuf:"varint,5,opt,name=skew,proto3" json:"skew,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + KeySize uint32 `protobuf:"varint,6,opt,name=key_size,json=keySize,proto3" json:"key_size,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + QRSize int32 `protobuf:"varint,7,opt,name=qr_size,json=qrSize,proto3" json:"qr_size,omitempty" sentinel:"-"` } func (x *TOTPConfig) Reset() { 
@@ -279,10 +293,14 @@ type DuoConfig struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - IntegrationKey string `sentinel:"" protobuf:"bytes,1,opt,name=integration_key,json=integrationKey,proto3" json:"integration_key,omitempty"` - SecretKey string `sentinel:"" protobuf:"bytes,2,opt,name=secret_key,json=secretKey,proto3" json:"secret_key,omitempty"` - APIHostname string `sentinel:"" protobuf:"bytes,3,opt,name=api_hostname,json=apiHostname,proto3" json:"api_hostname,omitempty"` - PushInfo string `sentinel:"" protobuf:"bytes,4,opt,name=push_info,json=pushInfo,proto3" json:"push_info,omitempty"` + // @inject_tag: sentinel:"-" + IntegrationKey string `protobuf:"bytes,1,opt,name=integration_key,json=integrationKey,proto3" json:"integration_key,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + SecretKey string `protobuf:"bytes,2,opt,name=secret_key,json=secretKey,proto3" json:"secret_key,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + APIHostname string `protobuf:"bytes,3,opt,name=api_hostname,json=apiHostname,proto3" json:"api_hostname,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + PushInfo string `protobuf:"bytes,4,opt,name=push_info,json=pushInfo,proto3" json:"push_info,omitempty" sentinel:"-"` } func (x *DuoConfig) Reset() { 
@@ -352,11 +370,16 @@ type OktaConfig struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - OrgName string `sentinel:"" protobuf:"bytes,1,opt,name=org_name,json=orgName,proto3" json:"org_name,omitempty"` - APIToken string `sentinel:"" protobuf:"bytes,2,opt,name=api_token,json=apiToken,proto3" json:"api_token,omitempty"` - Production bool `sentinel:"" protobuf:"varint,3,opt,name=production,proto3" json:"production,omitempty"` - BaseURL string `sentinel:"" protobuf:"bytes,4,opt,name=base_url,json=baseUrl,proto3" json:"base_url,omitempty"` - PrimaryEmail bool `sentinel:"" protobuf:"varint,5,opt,name=primary_email,json=primaryEmail,proto3" json:"primary_email,omitempty"` + // @inject_tag: sentinel:"-" + OrgName string `protobuf:"bytes,1,opt,name=org_name,json=orgName,proto3" json:"org_name,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + APIToken string `protobuf:"bytes,2,opt,name=api_token,json=apiToken,proto3" json:"api_token,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + Production bool `protobuf:"varint,3,opt,name=production,proto3" json:"production,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + BaseURL string `protobuf:"bytes,4,opt,name=base_url,json=baseUrl,proto3" json:"base_url,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + PrimaryEmail bool `protobuf:"varint,5,opt,name=primary_email,json=primaryEmail,proto3" json:"primary_email,omitempty" sentinel:"-"` } func (x *OktaConfig) Reset() { 
@@ -432,13 +455,20 @@ type PingIDConfig struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - UseBase64Key string `sentinel:"" protobuf:"bytes,1,opt,name=use_base64_key,json=useBase64Key,proto3" json:"use_base64_key,omitempty"` - UseSignature bool `sentinel:"" protobuf:"varint,2,opt,name=use_signature,json=useSignature,proto3" json:"use_signature,omitempty"` - Token string `sentinel:"" protobuf:"bytes,3,opt,name=token,proto3" json:"token,omitempty"` - IDPURL string `sentinel:"" protobuf:"bytes,4,opt,name=idp_url,json=idpUrl,proto3" json:"idp_url,omitempty"` - OrgAlias string `sentinel:"" protobuf:"bytes,5,opt,name=org_alias,json=orgAlias,proto3" json:"org_alias,omitempty"` - AdminURL string `sentinel:"" protobuf:"bytes,6,opt,name=admin_url,json=adminUrl,proto3" json:"admin_url,omitempty"` - AuthenticatorURL string `sentinel:"" protobuf:"bytes,7,opt,name=authenticator_url,json=authenticatorUrl,proto3" json:"authenticator_url,omitempty"` + // @inject_tag: sentinel:"-" + UseBase64Key string `protobuf:"bytes,1,opt,name=use_base64_key,json=useBase64Key,proto3" json:"use_base64_key,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + UseSignature bool `protobuf:"varint,2,opt,name=use_signature,json=useSignature,proto3" json:"use_signature,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + Token string `protobuf:"bytes,3,opt,name=token,proto3" json:"token,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + IDPURL string `protobuf:"bytes,4,opt,name=idp_url,json=idpUrl,proto3" json:"idp_url,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + OrgAlias string `protobuf:"bytes,5,opt,name=org_alias,json=orgAlias,proto3" json:"org_alias,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + AdminURL string `protobuf:"bytes,6,opt,name=admin_url,json=adminUrl,proto3" json:"admin_url,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + AuthenticatorURL string 
`protobuf:"bytes,7,opt,name=authenticator_url,json=authenticatorUrl,proto3" json:"authenticator_url,omitempty" sentinel:"-"` } func (x *PingIDConfig) Reset() { @@ -529,7 +559,8 @@ type Secret struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - MethodName string `sentinel:"" protobuf:"bytes,1,opt,name=method_name,json=methodName,proto3" json:"method_name,omitempty"` + // @inject_tag: sentinel:"-" + MethodName string `protobuf:"bytes,1,opt,name=method_name,json=methodName,proto3" json:"method_name,omitempty" sentinel:"-"` // Types that are assignable to Value: // *Secret_TOTPSecret Value isSecret_Value `protobuf_oneof:"value"` @@ -593,7 +624,8 @@ type isSecret_Value interface { } type Secret_TOTPSecret struct { - TOTPSecret *TOTPSecret `sentinel:"" protobuf:"bytes,2,opt,name=totp_secret,json=totpSecret,proto3,oneof"` + // @inject_tag: sentinel:"-" + TOTPSecret *TOTPSecret `protobuf:"bytes,2,opt,name=totp_secret,json=totpSecret,proto3,oneof" sentinel:"-"` } func (*Secret_TOTPSecret) isSecret_Value() {} 
@@ -606,15 +638,23 @@ type TOTPSecret struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Issuer string `sentinel:"" protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"` - Period uint32 `sentinel:"" protobuf:"varint,2,opt,name=period,proto3" json:"period,omitempty"` - Algorithm int32 `sentinel:"" protobuf:"varint,3,opt,name=algorithm,proto3" json:"algorithm,omitempty"` - Digits int32 `sentinel:"" protobuf:"varint,4,opt,name=digits,proto3" json:"digits,omitempty"` - Skew uint32 `sentinel:"" protobuf:"varint,5,opt,name=skew,proto3" json:"skew,omitempty"` - KeySize uint32 `sentinel:"" protobuf:"varint,6,opt,name=key_size,json=keySize,proto3" json:"key_size,omitempty"` + // @inject_tag: sentinel:"-" + Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + Period uint32 `protobuf:"varint,2,opt,name=period,proto3" json:"period,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + Algorithm int32 `protobuf:"varint,3,opt,name=algorithm,proto3" json:"algorithm,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + Digits int32 `protobuf:"varint,4,opt,name=digits,proto3" json:"digits,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + Skew uint32 `protobuf:"varint,5,opt,name=skew,proto3" json:"skew,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + KeySize uint32 `protobuf:"varint,6,opt,name=key_size,json=keySize,proto3" json:"key_size,omitempty" sentinel:"-"` // reserving 7 here just to keep parity with the config message above - AccountName string `sentinel:"" protobuf:"bytes,8,opt,name=account_name,json=accountName,proto3" json:"account_name,omitempty"` - Key string `sentinel:"" protobuf:"bytes,9,opt,name=key,proto3" json:"key,omitempty"` + // @inject_tag: sentinel:"-" + AccountName string `protobuf:"bytes,8,opt,name=account_name,json=accountName,proto3" json:"account_name,omitempty" sentinel:"-"` + // @inject_tag: sentinel:"-" + Key string 
`protobuf:"bytes,9,opt,name=key,proto3" json:"key,omitempty" sentinel:"-"` } func (x *TOTPSecret) Reset() { diff --git a/helper/identity/mfa/types.proto b/helper/identity/mfa/types.proto index 69ec7cb64..8358a6f5d 100644 --- a/helper/identity/mfa/types.proto +++ b/helper/identity/mfa/types.proto @@ -9,11 +9,17 @@ package mfa; // Configuration information differs by type. Handler of each type should know // what to expect from the Config field. message Config { + // @inject_tag: sentinel:"-" string type = 1; + // @inject_tag: sentinel:"-" string name = 2; + // @inject_tag: sentinel:"-" string id = 3; + // @inject_tag: sentinel:"-" string mount_accessor = 4; + // @inject_tag: sentinel:"-" string username_format = 5; + // @inject_tag: sentinel:"-" oneof config { TOTPConfig totp_config = 6; OktaConfig okta_config = 7; 
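Review bot: The annotation placed before `oneof config {` tags the Go interface field, not the members: in the regenerated mfa/types.pb.go on this page `Config isConfig_Config` gains `sentinel:"-"`, while `Config_TOTPConfig`, `Config_OktaConfig`, `Config_DuoConfig` and `Config_PingIDConfig` lose the tag they carried before. `Secret` in the next hunk does it the other way round, annotating `totp_secret` inside `oneof value {` and leaving the `Value` field untagged. To keep the previous coverage and make the two messages agree, put `// @inject_tag: sentinel:"-"` above each member (`totp_config`, `okta_config`, and the members that follow) instead of above the `oneof` keyword. The `Config` message continues past the end of this hunk.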
@@ -28,50 +34,75 @@ message Config { // by the information stored in the entity and not from the values in the // configuration. message TOTPConfig { + // @inject_tag: sentinel:"-" string issuer = 1; + // @inject_tag: sentinel:"-" uint32 period = 2; + // @inject_tag: sentinel:"-" int32 algorithm = 3; + // @inject_tag: sentinel:"-" int32 digits = 4; + // @inject_tag: sentinel:"-" uint32 skew = 5; + // @inject_tag: sentinel:"-" uint32 key_size = 6; + // @inject_tag: sentinel:"-" int32 qr_size = 7; } // DuoConfig represents the configuration information required to perform // Duo authentication. message DuoConfig { + // @inject_tag: sentinel:"-" string integration_key = 1; + // @inject_tag: sentinel:"-" string secret_key = 2; + // @inject_tag: sentinel:"-" string api_hostname = 3; + // @inject_tag: sentinel:"-" string push_info = 4; } // OktaConfig contains Okta configuration parameters required to perform Okta // authentication. message OktaConfig { + // @inject_tag: sentinel:"-" string org_name = 1; + // @inject_tag: sentinel:"-" string api_token = 2; + // @inject_tag: sentinel:"-" bool production = 3; + // @inject_tag: sentinel:"-" string base_url = 4; + // @inject_tag: sentinel:"-" bool primary_email = 5; } // PingIDConfig contains PingID configuration information message PingIDConfig { + // @inject_tag: sentinel:"-" string use_base64_key = 1; + // @inject_tag: sentinel:"-" bool use_signature = 2; + // @inject_tag: sentinel:"-" string token = 3; + // @inject_tag: sentinel:"-" string idp_url = 4; + // @inject_tag: sentinel:"-" string org_alias = 5; + // @inject_tag: sentinel:"-" string admin_url = 6; + // @inject_tag: sentinel:"-" string authenticator_url = 7; } // Secret represents all the types of secrets which the entity can hold. // Each MFA type should add a secret type to the oneof block in this message. message Secret { + // @inject_tag: sentinel:"-" string method_name = 1; oneof value { + // @inject_tag: sentinel:"-" TOTPSecret totp_secret = 2; } } 
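Review bot: Tagging is now opt-in per field, so a field added later to `DuoConfig`, `OktaConfig` or `PingIDConfig` without the comment will be generated with no `sentinel` tag at all, where the old Makefile `sed` expression tagged every field automatically. These messages hold credentials (`secret_key`, `api_token`, `token`), so a silent omission is worth guarding against. A file-level comment such as `// Every field must carry an @inject_tag sentinel annotation; make proto no longer adds it automatically.` would help. A check after `protoc-go-inject-tag` that fails when a `protobuf:"` field line in the generated file lacks `sentinel:` would enforce it. The same applies to `TOTPSecret` in the next hunk.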
@@ -80,13 +111,21 @@ message Secret { // particular MFA method. This information is used to validate the MFA // credential supplied over the API during request time. message TOTPSecret { + // @inject_tag: sentinel:"-" string issuer = 1; + // @inject_tag: sentinel:"-" uint32 period = 2; + // @inject_tag: sentinel:"-" int32 algorithm = 3; + // @inject_tag: sentinel:"-" int32 digits = 4; + // @inject_tag: sentinel:"-" uint32 skew = 5; + // @inject_tag: sentinel:"-" uint32 key_size = 6; // reserving 7 here just to keep parity with the config message above + // @inject_tag: sentinel:"-" string account_name = 8; + // @inject_tag: sentinel:"-" string key = 9; } diff --git a/helper/identity/types.pb.go b/helper/identity/types.pb.go index ce8431c01..424be9ef8 100644 --- a/helper/identity/types.pb.go +++ b/helper/identity/types.pb.go 
@@ -29,43 +29,56 @@ type Group struct { unknownFields protoimpl.UnknownFields // ID is the unique identifier for this group - ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + // @inject_tag: sentinel:"-" + ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" sentinel:"-"` // Name is the unique name for this group - Name string `sentinel:"" protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` + // @inject_tag: sentinel:"-" + Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty" sentinel:"-"` // Policies are the vault policies to be granted to members of this group - Policies []string `sentinel:"" protobuf:"bytes,3,rep,name=policies,proto3" json:"policies,omitempty"` + // @inject_tag: sentinel:"-" + Policies []string `protobuf:"bytes,3,rep,name=policies,proto3" json:"policies,omitempty" sentinel:"-"` // ParentGroupIDs are the identifiers of those groups to which this group is a // member of. These will serve as references to the parent group in the // hierarchy. 
- ParentGroupIDs []string `sentinel:"" protobuf:"bytes,4,rep,name=parent_group_ids,json=parentGroupIds,proto3" json:"parent_group_ids,omitempty"` + // @inject_tag: sentinel:"-" + ParentGroupIDs []string `protobuf:"bytes,4,rep,name=parent_group_ids,json=parentGroupIds,proto3" json:"parent_group_ids,omitempty" sentinel:"-"` // MemberEntityIDs are the identifiers of entities which are members of this // group - MemberEntityIDs []string `sentinel:"" protobuf:"bytes,5,rep,name=member_entity_ids,json=memberEntityIDs,proto3" json:"member_entity_ids,omitempty"` + // @inject_tag: sentinel:"-" + MemberEntityIDs []string `protobuf:"bytes,5,rep,name=member_entity_ids,json=memberEntityIDs,proto3" json:"member_entity_ids,omitempty" sentinel:"-"` // Metadata represents the custom data tied with this group - Metadata map[string]string `sentinel:"" protobuf:"bytes,6,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // @inject_tag: sentinel:"-" + Metadata map[string]string `protobuf:"bytes,6,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3" sentinel:"-"` // CreationTime is the time at which this group was created - CreationTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,7,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"` + // @inject_tag: sentinel:"-" + CreationTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty" sentinel:"-"` // LastUpdateTime is the time at which this group was last modified - LastUpdateTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,8,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"` + // @inject_tag: sentinel:"-" + LastUpdateTime *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=last_update_time,json=lastUpdateTime,proto3" 
json:"last_update_time,omitempty" sentinel:"-"` // ModifyIndex tracks the number of updates to the group. It is useful to detect // updates to the groups. - ModifyIndex uint64 `sentinel:"" protobuf:"varint,9,opt,name=modify_index,json=modifyIndex,proto3" json:"modify_index,omitempty"` + // @inject_tag: sentinel:"-" + ModifyIndex uint64 `protobuf:"varint,9,opt,name=modify_index,json=modifyIndex,proto3" json:"modify_index,omitempty" sentinel:"-"` // BucketKey is the path of the storage packer key into which this group is // stored. - BucketKey string `sentinel:"" protobuf:"bytes,10,opt,name=bucket_key,json=bucketKey,proto3" json:"bucket_key,omitempty"` + // @inject_tag: sentinel:"-" + BucketKey string `protobuf:"bytes,10,opt,name=bucket_key,json=bucketKey,proto3" json:"bucket_key,omitempty" sentinel:"-"` // Alias is used to mark this group as an internal mapping of a group that // is external to the identity store. Alias can only be set if the 'type' // is set to 'external'. - Alias *Alias `sentinel:"" protobuf:"bytes,11,opt,name=alias,proto3" json:"alias,omitempty"` + // @inject_tag: sentinel:"-" + Alias *Alias `protobuf:"bytes,11,opt,name=alias,proto3" json:"alias,omitempty" sentinel:"-"` // Type indicates if this group is an internal group or an external group. // Memberships of the internal groups can be managed over the API whereas // the memberships on the external group --for which a corresponding alias // will be set-- will be managed automatically. - Type string `sentinel:"" protobuf:"bytes,12,opt,name=type,proto3" json:"type,omitempty"` + // @inject_tag: sentinel:"-" + Type string `protobuf:"bytes,12,opt,name=type,proto3" json:"type,omitempty" sentinel:"-"` // NamespaceID is the identifier of the namespace to which this group // belongs to. Do not return this value over the API when reading the // group. 
- NamespaceID string `sentinel:"" protobuf:"bytes,13,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"` + // @inject_tag: sentinel:"-" + NamespaceID string `protobuf:"bytes,13,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty" sentinel:"-"` } func (x *Group) Reset() { 
@@ -201,49 +214,61 @@ type Entity struct { // Aliases are the identities that this entity is made of. This can be // empty as well to favor being able to create the entity first and then // incrementally adding aliases. - Aliases []*Alias `sentinel:"" protobuf:"bytes,1,rep,name=aliases,proto3" json:"aliases,omitempty"` + // @inject_tag: sentinel:"-" + Aliases []*Alias `protobuf:"bytes,1,rep,name=aliases,proto3" json:"aliases,omitempty" sentinel:"-"` // ID is the unique identifier of the entity which always be a UUID. This // should never be allowed to be updated. - ID string `sentinel:"" protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` + // @inject_tag: sentinel:"-" + ID string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty" sentinel:"-"` // Name is a unique identifier of the entity which is intended to be // human-friendly. The default name might not be human friendly since it // gets suffixed by a UUID, but it can optionally be updated, unlike the ID // field. - Name string `sentinel:"" protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` + // @inject_tag: sentinel:"-" + Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty" sentinel:"-"` // Metadata represents the explicit metadata which is set by the // clients. This is useful to tie any information pertaining to the // aliases. This is a non-unique field of entity, meaning multiple // entities can have the same metadata set. Entities will be indexed based // on this explicit metadata. This enables virtual groupings of entities // based on its metadata. 
- Metadata map[string]string `sentinel:"" protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // @inject_tag: sentinel:"-" + Metadata map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3" sentinel:"-"` // CreationTime is the time at which this entity is first created. - CreationTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,5,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"` + // @inject_tag: sentinel:"-" + CreationTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty" sentinel:"-"` // LastUpdateTime is the most recent time at which the properties of this // entity got modified. This is helpful in filtering out entities based on // its age and to take action on them, if desired. - LastUpdateTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,6,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"` + // @inject_tag: sentinel:"-" + LastUpdateTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty" sentinel:"-"` // MergedEntityIDs are the entities which got merged to this one. Entities // will be indexed based on all the entities that got merged into it. This // helps to apply the actions on this entity on the tokens that are merged // to the merged entities. Merged entities will be deleted entirely and // this is the only trackable trail of its earlier presence. 
- MergedEntityIDs []string `sentinel:"" protobuf:"bytes,7,rep,name=merged_entity_ids,json=mergedEntityIDs,proto3" json:"merged_entity_ids,omitempty"` + // @inject_tag: sentinel:"-" + MergedEntityIDs []string `protobuf:"bytes,7,rep,name=merged_entity_ids,json=mergedEntityIDs,proto3" json:"merged_entity_ids,omitempty" sentinel:"-"` // Policies the entity is entitled to - Policies []string `sentinel:"" protobuf:"bytes,8,rep,name=policies,proto3" json:"policies,omitempty"` + // @inject_tag: sentinel:"-" + Policies []string `protobuf:"bytes,8,rep,name=policies,proto3" json:"policies,omitempty" sentinel:"-"` // BucketKey is the path of the storage packer key into which this entity is // stored. - BucketKey string `sentinel:"" protobuf:"bytes,9,opt,name=bucket_key,json=bucketKey,proto3" json:"bucket_key,omitempty"` + // @inject_tag: sentinel:"-" + BucketKey string `protobuf:"bytes,9,opt,name=bucket_key,json=bucketKey,proto3" json:"bucket_key,omitempty" sentinel:"-"` // MFASecrets holds the MFA secrets indexed by the identifier of the MFA // method configuration. - MFASecrets map[string]*mfa.Secret `sentinel:"" protobuf:"bytes,10,rep,name=mfa_secrets,json=mfaSecrets,proto3" json:"mfa_secrets,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // @inject_tag: sentinel:"-" + MFASecrets map[string]*mfa.Secret `protobuf:"bytes,10,rep,name=mfa_secrets,json=mfaSecrets,proto3" json:"mfa_secrets,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3" sentinel:"-"` // Disabled indicates whether tokens associated with the account should not // be able to be used - Disabled bool `sentinel:"" protobuf:"varint,11,opt,name=disabled,proto3" json:"disabled,omitempty"` + // @inject_tag: sentinel:"-" + Disabled bool `protobuf:"varint,11,opt,name=disabled,proto3" json:"disabled,omitempty" sentinel:"-"` // NamespaceID is the identifier of the namespace to which this entity // belongs to. 
Do not return this value over the API when reading the // entity. - NamespaceID string `sentinel:"" protobuf:"bytes,12,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"` + // @inject_tag: sentinel:"-" + NamespaceID string `protobuf:"bytes,12,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty" sentinel:"-"` } func (x *Entity) Reset() { 
@@ -371,42 +396,54 @@ type Alias struct { unknownFields protoimpl.UnknownFields // ID is the unique identifier that represents this alias - ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + // @inject_tag: sentinel:"-" + ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" sentinel:"-"` // CanonicalID is the entity identifier to which this alias belongs to - CanonicalID string `sentinel:"" protobuf:"bytes,2,opt,name=canonical_id,json=canonicalId,proto3" json:"canonical_id,omitempty"` + // @inject_tag: sentinel:"-" + CanonicalID string `protobuf:"bytes,2,opt,name=canonical_id,json=canonicalId,proto3" json:"canonical_id,omitempty" sentinel:"-"` // MountType is the backend mount's type to which this alias belongs to. // This enables categorically querying aliases of specific backend types. - MountType string `sentinel:"" protobuf:"bytes,3,opt,name=mount_type,json=mountType,proto3" json:"mount_type,omitempty"` + // @inject_tag: sentinel:"-" + MountType string `protobuf:"bytes,3,opt,name=mount_type,json=mountType,proto3" json:"mount_type,omitempty" sentinel:"-"` // MountAccessor is the backend mount's accessor to which this alias // belongs to. - MountAccessor string `sentinel:"" protobuf:"bytes,4,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty"` + // @inject_tag: sentinel:"-" + MountAccessor string `protobuf:"bytes,4,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty" sentinel:"-"` // MountPath is the backend mount's path to which the Maccessor belongs to. This // field is not used for any operational purposes. This is only returned when // alias is read, only as a nicety. 
- MountPath string `sentinel:"" protobuf:"bytes,5,opt,name=mount_path,json=mountPath,proto3" json:"mount_path,omitempty"` + // @inject_tag: sentinel:"-" + MountPath string `protobuf:"bytes,5,opt,name=mount_path,json=mountPath,proto3" json:"mount_path,omitempty" sentinel:"-"` // Metadata is the explicit metadata that clients set against an entity // which enables virtual grouping of aliases. Aliases will be indexed // against their metadata. - Metadata map[string]string `sentinel:"" protobuf:"bytes,6,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // @inject_tag: sentinel:"-" + Metadata map[string]string `protobuf:"bytes,6,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3" sentinel:"-"` // Name is the identifier of this alias in its authentication source. // This does not uniquely identify an alias in Vault. This in conjunction // with MountAccessor form to be the factors that represent an alias in a // unique way. Aliases will be indexed based on this combined uniqueness // factor. - Name string `sentinel:"" protobuf:"bytes,7,opt,name=name,proto3" json:"name,omitempty"` + // @inject_tag: sentinel:"-" + Name string `protobuf:"bytes,7,opt,name=name,proto3" json:"name,omitempty" sentinel:"-"` // CreationTime is the time at which this alias was first created - CreationTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,8,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"` + // @inject_tag: sentinel:"-" + CreationTime *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty" sentinel:"-"` // LastUpdateTime is the most recent time at which the properties of this // alias got modified. This is helpful in filtering out aliases based // on its age and to take action on them, if desired. 
- LastUpdateTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,9,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"` + // @inject_tag: sentinel:"-" + LastUpdateTime *timestamppb.Timestamp `protobuf:"bytes,9,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty" sentinel:"-"` // MergedFromCanonicalIDs is the FIFO history of merging activity - MergedFromCanonicalIDs []string `sentinel:"" protobuf:"bytes,10,rep,name=merged_from_canonical_ids,json=mergedFromCanonicalIds,proto3" json:"merged_from_canonical_ids,omitempty"` + // @inject_tag: sentinel:"-" + MergedFromCanonicalIDs []string `protobuf:"bytes,10,rep,name=merged_from_canonical_ids,json=mergedFromCanonicalIds,proto3" json:"merged_from_canonical_ids,omitempty" sentinel:"-"` // NamespaceID is the identifier of the namespace to which this alias // belongs. - NamespaceID string `sentinel:"" protobuf:"bytes,11,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"` + // @inject_tag: sentinel:"-" + NamespaceID string `protobuf:"bytes,11,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty" sentinel:"-"` // Custom Metadata represents the custom data tied to this alias - CustomMetadata map[string]string `sentinel:"" protobuf:"bytes,12,rep,name=customMetadata,proto3" json:"customMetadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // @inject_tag: sentinel:"-" + CustomMetadata map[string]string `protobuf:"bytes,12,rep,name=custom_metadata,json=customMetadata,proto3" json:"custom_metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3" sentinel:"-"` } func (x *Alias) Reset() { 
@@ -531,16 +568,16 @@ type EntityStorageEntry struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Personas []*PersonaIndexEntry `sentinel:"" protobuf:"bytes,1,rep,name=personas,proto3" json:"personas,omitempty"` - ID string `sentinel:"" protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` - Name string `sentinel:"" protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` - Metadata map[string]string `sentinel:"" protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - CreationTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,5,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"` - LastUpdateTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,6,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"` - MergedEntityIDs []string `sentinel:"" protobuf:"bytes,7,rep,name=merged_entity_ids,json=mergedEntityIDs,proto3" json:"merged_entity_ids,omitempty"` - Policies []string `sentinel:"" protobuf:"bytes,8,rep,name=policies,proto3" json:"policies,omitempty"` - BucketKeyHash string `sentinel:"" protobuf:"bytes,9,opt,name=bucket_key_hash,json=bucketKeyHash,proto3" json:"bucket_key_hash,omitempty"` - MFASecrets map[string]*mfa.Secret `sentinel:"" protobuf:"bytes,10,rep,name=mfa_secrets,json=mfaSecrets,proto3" json:"mfa_secrets,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Personas []*PersonaIndexEntry `protobuf:"bytes,1,rep,name=personas,proto3" json:"personas,omitempty"` + ID string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` + Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` + Metadata map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + 
CreationTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"` + LastUpdateTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"` + MergedEntityIDs []string `protobuf:"bytes,7,rep,name=merged_entity_ids,json=mergedEntityIDs,proto3" json:"merged_entity_ids,omitempty"` + Policies []string `protobuf:"bytes,8,rep,name=policies,proto3" json:"policies,omitempty"` + BucketKeyHash string `protobuf:"bytes,9,opt,name=bucket_key_hash,json=bucketKeyHash,proto3" json:"bucket_key_hash,omitempty"` + MFASecrets map[string]*mfa.Secret `protobuf:"bytes,10,rep,name=mfa_secrets,json=mfaSecrets,proto3" json:"mfa_secrets,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` } func (x *EntityStorageEntry) Reset() { 
@@ -651,16 +688,16 @@ type PersonaIndexEntry struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - EntityID string `sentinel:"" protobuf:"bytes,2,opt,name=entity_id,json=entityId,proto3" json:"entity_id,omitempty"` - MountType string `sentinel:"" protobuf:"bytes,3,opt,name=mount_type,json=mountType,proto3" json:"mount_type,omitempty"` - MountAccessor string `sentinel:"" protobuf:"bytes,4,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty"` - MountPath string `sentinel:"" protobuf:"bytes,5,opt,name=mount_path,json=mountPath,proto3" json:"mount_path,omitempty"` - Metadata map[string]string `sentinel:"" protobuf:"bytes,6,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - Name string `sentinel:"" protobuf:"bytes,7,opt,name=name,proto3" json:"name,omitempty"` - CreationTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,8,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"` - LastUpdateTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,9,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"` - MergedFromEntityIDs []string `sentinel:"" protobuf:"bytes,10,rep,name=merged_from_entity_ids,json=mergedFromEntityIDs,proto3" json:"merged_from_entity_ids,omitempty"` + ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + EntityID string `protobuf:"bytes,2,opt,name=entity_id,json=entityId,proto3" json:"entity_id,omitempty"` + MountType string `protobuf:"bytes,3,opt,name=mount_type,json=mountType,proto3" json:"mount_type,omitempty"` + MountAccessor string `protobuf:"bytes,4,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty"` + MountPath string `protobuf:"bytes,5,opt,name=mount_path,json=mountPath,proto3" json:"mount_path,omitempty"` 
+ Metadata map[string]string `protobuf:"bytes,6,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Name string `protobuf:"bytes,7,opt,name=name,proto3" json:"name,omitempty"` + CreationTime *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"` + LastUpdateTime *timestamppb.Timestamp `protobuf:"bytes,9,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"` + MergedFromEntityIDs []string `protobuf:"bytes,10,rep,name=merged_from_entity_ids,json=mergedFromEntityIDs,proto3" json:"merged_from_entity_ids,omitempty"` } func (x *PersonaIndexEntry) Reset() { @@ -851,7 +888,7 @@ var file_helper_identity_types_proto_rawDesc = []byte{ 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x21, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x6d, 0x66, 0x61, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xa0, 0x05, 0x0a, 0x05, 0x41, 0x6c, 0x69, 0x61, + 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xa1, 0x05, 0x0a, 0x05, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 
@@ -880,96 +917,96 @@ var file_helper_identity_types_proto_rawDesc = []byte{ 0x28, 0x09, 0x52, 0x16, 0x6d, 0x65, 0x72, 0x67, 0x65, 0x64, 0x46, 0x72, 0x6f, 0x6d, 0x43, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0b, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x49, 0x64, 0x12, 0x4b, 0x0a, - 0x0e, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, - 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, - 0x2e, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x2e, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x4d, 0x65, 0x74, - 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0e, 0x63, 0x75, 0x73, 0x74, - 0x6f, 0x6d, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x1a, 0x3b, 0x0a, 0x0d, 0x4d, 0x65, - 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, - 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x41, 0x0a, 0x13, 0x43, 0x75, 0x73, 0x74, 0x6f, - 0x6d, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, + 0x52, 0x0b, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x49, 0x64, 0x12, 0x4c, 0x0a, + 0x0f, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, + 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, + 0x79, 0x2e, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x2e, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x4d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0e, 0x63, 0x75, 0x73, + 0x74, 0x6f, 0x6d, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 
0x61, 0x1a, 0x3b, 0x0a, 0x0d, 0x4d, + 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x41, 0x0a, 0x13, 0x43, 0x75, 0x73, 0x74, + 0x6f, 0x6d, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x88, 0x05, 0x0a, 0x12, + 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x37, 0x0a, 0x08, 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x73, 0x18, 0x01, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, + 0x50, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x08, 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x69, + 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, + 0x46, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x45, 0x6e, 0x74, + 0x69, 0x74, 0x79, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, + 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x6d, + 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x3f, 0x0a, 0x0d, 0x63, 0x72, 0x65, 0x61, 0x74, + 
0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0c, 0x63, 0x72, 0x65, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x44, 0x0a, 0x10, 0x6c, 0x61, 0x73, 0x74, + 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0e, + 0x6c, 0x61, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x2a, + 0x0a, 0x11, 0x6d, 0x65, 0x72, 0x67, 0x65, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, + 0x69, 0x64, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x6d, 0x65, 0x72, 0x67, 0x65, + 0x64, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x49, 0x64, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, + 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0d, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x12, 0x4d, + 0x0a, 0x0b, 0x6d, 0x66, 0x61, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x18, 0x0a, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x45, + 0x6e, 0x74, 0x69, 0x74, 0x79, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x2e, 0x4d, 0x66, 0x61, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x0a, 0x6d, 0x66, 0x61, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x1a, 0x3b, 0x0a, + 0x0d, 0x4d, 0x65, 0x74, 0x61, 0x64, 
0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x88, 0x05, 0x0a, 0x12, 0x45, - 0x6e, 0x74, 0x69, 0x74, 0x79, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x37, 0x0a, 0x08, 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x73, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x50, - 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x08, 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x46, - 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x2a, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x45, 0x6e, 0x74, 0x69, - 0x74, 0x79, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, - 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x6d, 0x65, - 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x3f, 0x0a, 0x0d, 0x63, 0x72, 0x65, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0c, 0x63, 0x72, 0x65, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x44, 0x0a, 0x10, 0x6c, 0x61, 0x73, 0x74, 0x5f, - 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x06, 
0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0e, 0x6c, - 0x61, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x2a, 0x0a, - 0x11, 0x6d, 0x65, 0x72, 0x67, 0x65, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x69, - 0x64, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x6d, 0x65, 0x72, 0x67, 0x65, 0x64, - 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x49, 0x64, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x69, 0x65, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x69, 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x5f, - 0x6b, 0x65, 0x79, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, - 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x12, 0x4d, 0x0a, - 0x0b, 0x6d, 0x66, 0x61, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x18, 0x0a, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x45, 0x6e, - 0x74, 0x69, 0x74, 0x79, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x2e, 0x4d, 0x66, 0x61, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x0a, 0x6d, 0x66, 0x61, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x1a, 0x3b, 0x0a, 0x0d, - 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x4a, 0x0a, 0x0f, 0x4d, 0x66, + 0x61, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 
0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x4a, 0x0a, 0x0f, 0x4d, 0x66, 0x61, - 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x21, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, - 0x6d, 0x66, 0x61, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xf9, 0x03, 0x0a, 0x11, 0x50, 0x65, 0x72, 0x73, 0x6f, 0x6e, - 0x61, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x65, - 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, - 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x6f, 0x75, 0x6e, - 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x6f, - 0x75, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x6d, 0x6f, 0x75, 0x6e, 0x74, - 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0d, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x12, 0x1d, - 0x0a, 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, 0x12, 0x45, 0x0a, - 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x29, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x50, 0x65, 0x72, 0x73, 0x6f, - 0x6e, 0x61, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x74, - 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, - 0x64, 0x61, 0x74, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x6e, 
0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x0d, 0x63, 0x72, 0x65, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0c, 0x63, 0x72, 0x65, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x44, 0x0a, 0x10, 0x6c, 0x61, 0x73, - 0x74, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x09, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, - 0x0e, 0x6c, 0x61, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, - 0x33, 0x0a, 0x16, 0x6d, 0x65, 0x72, 0x67, 0x65, 0x64, 0x5f, 0x66, 0x72, 0x6f, 0x6d, 0x5f, 0x65, - 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x13, 0x6d, 0x65, 0x72, 0x67, 0x65, 0x64, 0x46, 0x72, 0x6f, 0x6d, 0x45, 0x6e, 0x74, 0x69, 0x74, - 0x79, 0x49, 0x64, 0x73, 0x1a, 0x3b, 0x0a, 0x0d, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, - 0x01, 0x42, 0x2c, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x2f, - 0x68, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x2f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x21, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 
0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, + 0x2e, 0x6d, 0x66, 0x61, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xf9, 0x03, 0x0a, 0x11, 0x50, 0x65, 0x72, 0x73, 0x6f, + 0x6e, 0x61, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, + 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x09, + 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x08, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x6f, 0x75, + 0x6e, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, + 0x6f, 0x75, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x6d, 0x6f, 0x75, 0x6e, + 0x74, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0d, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x12, + 0x1d, 0x0a, 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, 0x12, 0x45, + 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x29, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x50, 0x65, 0x72, 0x73, + 0x6f, 0x6e, 0x61, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x6d, 0x65, 0x74, + 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x0d, 0x63, 0x72, 0x65, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 
0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0c, 0x63, 0x72, + 0x65, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x44, 0x0a, 0x10, 0x6c, 0x61, + 0x73, 0x74, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x09, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, + 0x52, 0x0e, 0x6c, 0x61, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, + 0x12, 0x33, 0x0a, 0x16, 0x6d, 0x65, 0x72, 0x67, 0x65, 0x64, 0x5f, 0x66, 0x72, 0x6f, 0x6d, 0x5f, + 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x13, 0x6d, 0x65, 0x72, 0x67, 0x65, 0x64, 0x46, 0x72, 0x6f, 0x6d, 0x45, 0x6e, 0x74, 0x69, + 0x74, 0x79, 0x49, 0x64, 0x73, 0x1a, 0x3b, 0x0a, 0x0d, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, + 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, + 0x38, 0x01, 0x42, 0x2c, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x76, 0x61, 0x75, 0x6c, 0x74, + 0x2f, 0x68, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x2f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -1015,7 +1052,7 @@ var file_helper_identity_types_proto_depIDxs = []int32{ 8, // 9: identity.Alias.metadata:type_name -> identity.Alias.MetadataEntry 13, // 10: identity.Alias.creation_time:type_name -> google.protobuf.Timestamp 13, // 11: identity.Alias.last_update_time:type_name -> google.protobuf.Timestamp - 9, // 12: identity.Alias.customMetadata:type_name -> identity.Alias.CustomMetadataEntry + 9, // 12: identity.Alias.custom_metadata:type_name -> identity.Alias.CustomMetadataEntry 4, // 13: identity.EntityStorageEntry.personas:type_name -> identity.PersonaIndexEntry 10, // 14: identity.EntityStorageEntry.metadata:type_name -> identity.EntityStorageEntry.MetadataEntry 13, // 15: identity.EntityStorageEntry.creation_time:type_name -> google.protobuf.Timestamp diff --git a/helper/identity/types.proto b/helper/identity/types.proto index d48b776e9..a748198f8 100644 --- a/helper/identity/types.proto +++ b/helper/identity/types.proto 
@@ -10,54 +10,67 @@ import "helper/identity/mfa/types.proto"; // Group represents an identity group. message Group { // ID is the unique identifier for this group + // @inject_tag: sentinel:"-" string id = 1; // Name is the unique name for this group + // @inject_tag: sentinel:"-" string name = 2; // Policies are the vault policies to be granted to members of this group + // @inject_tag: sentinel:"-" repeated string policies = 3; // ParentGroupIDs are the identifiers of those groups to which this group is a // member of. These will serve as references to the parent group in the // hierarchy. + // @inject_tag: sentinel:"-" repeated string parent_group_ids = 4; // MemberEntityIDs are the identifiers of entities which are members of this // group + // @inject_tag: sentinel:"-" repeated string member_entity_ids = 5; // Metadata represents the custom data tied with this group + // @inject_tag: sentinel:"-" map metadata = 6; // CreationTime is the time at which this group was created + // @inject_tag: sentinel:"-" google.protobuf.Timestamp creation_time = 7; // LastUpdateTime is the time at which this group was last modified + // @inject_tag: sentinel:"-" google.protobuf.Timestamp last_update_time= 8; // ModifyIndex tracks the number of updates to the group. It is useful to detect // updates to the groups. + // @inject_tag: sentinel:"-" uint64 modify_index = 9; // BucketKey is the path of the storage packer key into which this group is // stored. + // @inject_tag: sentinel:"-" string bucket_key = 10; // Alias is used to mark this group as an internal mapping of a group that // is external to the identity store. Alias can only be set if the 'type' // is set to 'external'. + // @inject_tag: sentinel:"-" Alias alias = 11; // Type indicates if this group is an internal group or an external group. 
// Memberships of the internal groups can be managed over the API whereas // the memberships on the external group --for which a corresponding alias // will be set-- will be managed automatically. + // @inject_tag: sentinel:"-" string type = 12; // NamespaceID is the identifier of the namespace to which this group // belongs to. Do not return this value over the API when reading the // group. + // @inject_tag: sentinel:"-" string namespace_id = 13; } @@ -67,16 +80,19 @@ message Entity { // Aliases are the identities that this entity is made of. This can be // empty as well to favor being able to create the entity first and then // incrementally adding aliases. + // @inject_tag: sentinel:"-" repeated Alias aliases = 1; // ID is the unique identifier of the entity which always be a UUID. This // should never be allowed to be updated. + // @inject_tag: sentinel:"-" string id = 2; // Name is a unique identifier of the entity which is intended to be // human-friendly. The default name might not be human friendly since it // gets suffixed by a UUID, but it can optionally be updated, unlike the ID // field. + // @inject_tag: sentinel:"-" string name = 3; // Metadata represents the explicit metadata which is set by the @@ -85,14 +101,17 @@ message Entity { // entities can have the same metadata set. Entities will be indexed based // on this explicit metadata. This enables virtual groupings of entities // based on its metadata. + // @inject_tag: sentinel:"-" map metadata = 4; // CreationTime is the time at which this entity is first created. + // @inject_tag: sentinel:"-" google.protobuf.Timestamp creation_time = 5; // LastUpdateTime is the most recent time at which the properties of this // entity got modified. This is helpful in filtering out entities based on // its age and to take action on them, if desired. + // @inject_tag: sentinel:"-" google.protobuf.Timestamp last_update_time= 6; // MergedEntityIDs are the entities which got merged to this one. Entities 
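Review bot: The `// @inject_tag: sentinel:"-"` lines added to every field of `Group` in this hunk (and to `Entity` and `Alias` in the hunks that follow) only take effect if a tag-injection pass runs over the generated `types.pb.go` after `protoc`; nothing in the `.proto` enforces that. The `helper/storagepacker/types.pb.go` section of this same commit shows `sentinel:""` tags disappearing from regenerated structs, so tag presence clearly depends on the generation pipeline. If `sentinel:"-"` is what keeps fields such as `policies`, `namespace_id` or `mfa_secrets` out of policy-evaluation data (an assumption from the tag name, not shown on this page), a regeneration that skips the pass would silently drop that exclusion. I would state the requirement once above `message Group`, e.g. `// Fields carry @inject_tag: sentinel:"-"; types.pb.go must be regenerated with the tag-injection step.`, and add a CI check that the generated struct tags still contain `sentinel:`.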
@@ -100,26 +119,32 @@ message Entity { // helps to apply the actions on this entity on the tokens that are merged // to the merged entities. Merged entities will be deleted entirely and // this is the only trackable trail of its earlier presence. + // @inject_tag: sentinel:"-" repeated string merged_entity_ids = 7; // Policies the entity is entitled to + // @inject_tag: sentinel:"-" repeated string policies = 8; // BucketKey is the path of the storage packer key into which this entity is // stored. + // @inject_tag: sentinel:"-" string bucket_key = 9; // MFASecrets holds the MFA secrets indexed by the identifier of the MFA // method configuration. + // @inject_tag: sentinel:"-" map mfa_secrets = 10; // Disabled indicates whether tokens associated with the account should not // be able to be used + // @inject_tag: sentinel:"-" bool disabled = 11; // NamespaceID is the identifier of the namespace to which this entity // belongs to. Do not return this value over the API when reading the // entity. + // @inject_tag: sentinel:"-" string namespace_id = 12; } 
@@ -128,27 +153,33 @@ message Entity { // alias object. message Alias { // ID is the unique identifier that represents this alias + // @inject_tag: sentinel:"-" string id = 1; // CanonicalID is the entity identifier to which this alias belongs to + // @inject_tag: sentinel:"-" string canonical_id = 2; // MountType is the backend mount's type to which this alias belongs to. // This enables categorically querying aliases of specific backend types. + // @inject_tag: sentinel:"-" string mount_type = 3; // MountAccessor is the backend mount's accessor to which this alias // belongs to. + // @inject_tag: sentinel:"-" string mount_accessor = 4; // MountPath is the backend mount's path to which the Maccessor belongs to. This // field is not used for any operational purposes. This is only returned when // alias is read, only as a nicety. + // @inject_tag: sentinel:"-" string mount_path = 5; // Metadata is the explicit metadata that clients set against an entity // which enables virtual grouping of aliases. Aliases will be indexed // against their metadata. + // @inject_tag: sentinel:"-" map metadata = 6; // Name is the identifier of this alias in its authentication source. 
@@ -156,25 +187,31 @@ message Alias { // with MountAccessor form to be the factors that represent an alias in a // unique way. Aliases will be indexed based on this combined uniqueness // factor. + // @inject_tag: sentinel:"-" string name = 7; // CreationTime is the time at which this alias was first created + // @inject_tag: sentinel:"-" google.protobuf.Timestamp creation_time = 8; // LastUpdateTime is the most recent time at which the properties of this // alias got modified. This is helpful in filtering out aliases based // on its age and to take action on them, if desired. + // @inject_tag: sentinel:"-" google.protobuf.Timestamp last_update_time = 9; // MergedFromCanonicalIDs is the FIFO history of merging activity + // @inject_tag: sentinel:"-" repeated string merged_from_canonical_ids = 10; // NamespaceID is the identifier of the namespace to which this alias // belongs. + // @inject_tag: sentinel:"-" string namespace_id = 11; // Custom Metadata represents the custom data tied to this alias - map customMetadata = 12; + // @inject_tag: sentinel:"-" + map custom_metadata = 12; } // Deprecated. Retained for backwards compatibility. diff --git a/helper/storagepacker/types.pb.go b/helper/storagepacker/types.pb.go index 7763a09b5..4c5b14edd 100644 --- a/helper/storagepacker/types.pb.go +++ b/helper/storagepacker/types.pb.go @@ -32,9 +32,9 @@ type Item struct { // this ID will be an internal ID. In other words, outside of the use-case // described above, the caller *must not* rely on this value to be // consistent with what they passed in. - ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // message is the contents of the item - Message *anypb.Any `sentinel:"" protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"` + Message *anypb.Any `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"` } func (x *Item) Reset() { 
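Review bot: The comment on the renamed field still reads `// Custom Metadata represents the custom data tied to this alias`, while the other field comments in `Alias` open with the Go field name; `// CustomMetadata represents the custom data tied to this alias` would match them. The rename from `customMetadata` to `custom_metadata` keeps field number 12, so the wire encoding is unchanged, but the descriptor name changes (visible in the regenerated `depIDxs` comment earlier in this commit), which matters to anything that addresses the field by its proto name, such as text-format dumps or JSON written with proto field names. A one-line comment next to the field noting that the number must stay 12 would protect stored aliases from a later renumbering. The `Alias` message begins outside this hunk.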
@@ -95,11 +95,11 @@ type Bucket struct { unknownFields protoimpl.UnknownFields // Key is the storage path where the bucket gets stored - Key string `sentinel:"" protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` // Items holds the items contained within this bucket. Used by v1. - Items []*Item `sentinel:"" protobuf:"bytes,2,rep,name=items,proto3" json:"items,omitempty"` + Items []*Item `protobuf:"bytes,2,rep,name=items,proto3" json:"items,omitempty"` // ItemMap stores a mapping of item ID to message. Used by v2. - ItemMap map[string]*anypb.Any `sentinel:"" protobuf:"bytes,3,rep,name=item_map,json=itemMap,proto3" json:"item_map,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + ItemMap map[string]*anypb.Any `protobuf:"bytes,3,rep,name=item_map,json=itemMap,proto3" json:"item_map,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` } func (x *Bucket) Reset() { diff --git a/sdk/database/dbplugin/database.pb.go b/sdk/database/dbplugin/database.pb.go index 436719342..4e8b0098f 100644 --- a/sdk/database/dbplugin/database.pb.go +++ b/sdk/database/dbplugin/database.pb.go @@ -7,10 +7,6 @@ package dbplugin import ( - context "context" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" timestamppb "google.golang.org/protobuf/types/known/timestamppb" 
@@ -1467,410 +1463,3 @@ func file_sdk_database_dbplugin_database_proto_init() { file_sdk_database_dbplugin_database_proto_goTypes = nil file_sdk_database_dbplugin_database_proto_depIdxs = nil } - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConnInterface - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion6 - -// DatabaseClient is the client API for Database service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type DatabaseClient interface { - Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeResponse, error) - CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*CreateUserResponse, error) - RenewUser(ctx context.Context, in *RenewUserRequest, opts ...grpc.CallOption) (*Empty, error) - RevokeUser(ctx context.Context, in *RevokeUserRequest, opts ...grpc.CallOption) (*Empty, error) - RotateRootCredentials(ctx context.Context, in *RotateRootCredentialsRequest, opts ...grpc.CallOption) (*RotateRootCredentialsResponse, error) - Init(ctx context.Context, in *InitRequest, opts ...grpc.CallOption) (*InitResponse, error) - Close(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) - SetCredentials(ctx context.Context, in *SetCredentialsRequest, opts ...grpc.CallOption) (*SetCredentialsResponse, error) - GenerateCredentials(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateCredentialsResponse, error) - // Deprecated: Do not use. 
- Initialize(ctx context.Context, in *InitializeRequest, opts ...grpc.CallOption) (*Empty, error) -} - -type databaseClient struct { - cc grpc.ClientConnInterface -} - -func NewDatabaseClient(cc grpc.ClientConnInterface) DatabaseClient { - return &databaseClient{cc} -} - -func (c *databaseClient) Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeResponse, error) { - out := new(TypeResponse) - err := c.cc.Invoke(ctx, "/dbplugin.Database/Type", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*CreateUserResponse, error) { - out := new(CreateUserResponse) - err := c.cc.Invoke(ctx, "/dbplugin.Database/CreateUser", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) RenewUser(ctx context.Context, in *RenewUserRequest, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/dbplugin.Database/RenewUser", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) RevokeUser(ctx context.Context, in *RevokeUserRequest, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/dbplugin.Database/RevokeUser", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) RotateRootCredentials(ctx context.Context, in *RotateRootCredentialsRequest, opts ...grpc.CallOption) (*RotateRootCredentialsResponse, error) { - out := new(RotateRootCredentialsResponse) - err := c.cc.Invoke(ctx, "/dbplugin.Database/RotateRootCredentials", in, out, opts...) 
- if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) Init(ctx context.Context, in *InitRequest, opts ...grpc.CallOption) (*InitResponse, error) { - out := new(InitResponse) - err := c.cc.Invoke(ctx, "/dbplugin.Database/Init", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) Close(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/dbplugin.Database/Close", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) SetCredentials(ctx context.Context, in *SetCredentialsRequest, opts ...grpc.CallOption) (*SetCredentialsResponse, error) { - out := new(SetCredentialsResponse) - err := c.cc.Invoke(ctx, "/dbplugin.Database/SetCredentials", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) GenerateCredentials(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateCredentialsResponse, error) { - out := new(GenerateCredentialsResponse) - err := c.cc.Invoke(ctx, "/dbplugin.Database/GenerateCredentials", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// Deprecated: Do not use. -func (c *databaseClient) Initialize(ctx context.Context, in *InitializeRequest, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/dbplugin.Database/Initialize", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// DatabaseServer is the server API for Database service. 
-type DatabaseServer interface { - Type(context.Context, *Empty) (*TypeResponse, error) - CreateUser(context.Context, *CreateUserRequest) (*CreateUserResponse, error) - RenewUser(context.Context, *RenewUserRequest) (*Empty, error) - RevokeUser(context.Context, *RevokeUserRequest) (*Empty, error) - RotateRootCredentials(context.Context, *RotateRootCredentialsRequest) (*RotateRootCredentialsResponse, error) - Init(context.Context, *InitRequest) (*InitResponse, error) - Close(context.Context, *Empty) (*Empty, error) - SetCredentials(context.Context, *SetCredentialsRequest) (*SetCredentialsResponse, error) - GenerateCredentials(context.Context, *Empty) (*GenerateCredentialsResponse, error) - // Deprecated: Do not use. - Initialize(context.Context, *InitializeRequest) (*Empty, error) -} - -// UnimplementedDatabaseServer can be embedded to have forward compatible implementations. -type UnimplementedDatabaseServer struct { -} - -func (*UnimplementedDatabaseServer) Type(context.Context, *Empty) (*TypeResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Type not implemented") -} -func (*UnimplementedDatabaseServer) CreateUser(context.Context, *CreateUserRequest) (*CreateUserResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateUser not implemented") -} -func (*UnimplementedDatabaseServer) RenewUser(context.Context, *RenewUserRequest) (*Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method RenewUser not implemented") -} -func (*UnimplementedDatabaseServer) RevokeUser(context.Context, *RevokeUserRequest) (*Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method RevokeUser not implemented") -} -func (*UnimplementedDatabaseServer) RotateRootCredentials(context.Context, *RotateRootCredentialsRequest) (*RotateRootCredentialsResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method RotateRootCredentials not implemented") -} -func (*UnimplementedDatabaseServer) 
Init(context.Context, *InitRequest) (*InitResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Init not implemented") -} -func (*UnimplementedDatabaseServer) Close(context.Context, *Empty) (*Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method Close not implemented") -} -func (*UnimplementedDatabaseServer) SetCredentials(context.Context, *SetCredentialsRequest) (*SetCredentialsResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method SetCredentials not implemented") -} -func (*UnimplementedDatabaseServer) GenerateCredentials(context.Context, *Empty) (*GenerateCredentialsResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GenerateCredentials not implemented") -} -func (*UnimplementedDatabaseServer) Initialize(context.Context, *InitializeRequest) (*Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method Initialize not implemented") -} - -func RegisterDatabaseServer(s *grpc.Server, srv DatabaseServer) { - s.RegisterService(&_Database_serviceDesc, srv) -} - -func _Database_Type_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).Type(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/Type", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).Type(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_CreateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CreateUserRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).CreateUser(ctx, in) - } - info 
:= &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/CreateUser", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).CreateUser(ctx, req.(*CreateUserRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_RenewUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(RenewUserRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).RenewUser(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/RenewUser", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).RenewUser(ctx, req.(*RenewUserRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_RevokeUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(RevokeUserRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).RevokeUser(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/RevokeUser", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).RevokeUser(ctx, req.(*RevokeUserRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_RotateRootCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(RotateRootCredentialsRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).RotateRootCredentials(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: 
"/dbplugin.Database/RotateRootCredentials", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).RotateRootCredentials(ctx, req.(*RotateRootCredentialsRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_Init_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(InitRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).Init(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/Init", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).Init(ctx, req.(*InitRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_Close_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).Close(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/Close", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).Close(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_SetCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(SetCredentialsRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).SetCredentials(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/SetCredentials", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - 
return srv.(DatabaseServer).SetCredentials(ctx, req.(*SetCredentialsRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_GenerateCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).GenerateCredentials(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/GenerateCredentials", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).GenerateCredentials(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_Initialize_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(InitializeRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).Initialize(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/Initialize", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).Initialize(ctx, req.(*InitializeRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _Database_serviceDesc = grpc.ServiceDesc{ - ServiceName: "dbplugin.Database", - HandlerType: (*DatabaseServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "Type", - Handler: _Database_Type_Handler, - }, - { - MethodName: "CreateUser", - Handler: _Database_CreateUser_Handler, - }, - { - MethodName: "RenewUser", - Handler: _Database_RenewUser_Handler, - }, - { - MethodName: "RevokeUser", - Handler: _Database_RevokeUser_Handler, - }, - { - MethodName: "RotateRootCredentials", - Handler: _Database_RotateRootCredentials_Handler, - }, - { - MethodName: "Init", - 
Handler: _Database_Init_Handler, - }, - { - MethodName: "Close", - Handler: _Database_Close_Handler, - }, - { - MethodName: "SetCredentials", - Handler: _Database_SetCredentials_Handler, - }, - { - MethodName: "GenerateCredentials", - Handler: _Database_GenerateCredentials_Handler, - }, - { - MethodName: "Initialize", - Handler: _Database_Initialize_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "sdk/database/dbplugin/database.proto", -} diff --git a/sdk/database/dbplugin/database_grpc.pb.go b/sdk/database/dbplugin/database_grpc.pb.go new file mode 100644 index 000000000..0e34e00a3 --- /dev/null +++ b/sdk/database/dbplugin/database_grpc.pb.go 
@@ -0,0 +1,428 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. + +package dbplugin + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +// DatabaseClient is the client API for Database service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type DatabaseClient interface { + Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeResponse, error) + CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*CreateUserResponse, error) + RenewUser(ctx context.Context, in *RenewUserRequest, opts ...grpc.CallOption) (*Empty, error) + RevokeUser(ctx context.Context, in *RevokeUserRequest, opts ...grpc.CallOption) (*Empty, error) + RotateRootCredentials(ctx context.Context, in *RotateRootCredentialsRequest, opts ...grpc.CallOption) (*RotateRootCredentialsResponse, error) + Init(ctx context.Context, in *InitRequest, opts ...grpc.CallOption) (*InitResponse, error) + Close(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) + SetCredentials(ctx context.Context, in *SetCredentialsRequest, opts ...grpc.CallOption) (*SetCredentialsResponse, error) + GenerateCredentials(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateCredentialsResponse, error) + // Deprecated: Do not use. 
+ Initialize(ctx context.Context, in *InitializeRequest, opts ...grpc.CallOption) (*Empty, error) +} + +type databaseClient struct { + cc grpc.ClientConnInterface +} + +func NewDatabaseClient(cc grpc.ClientConnInterface) DatabaseClient { + return &databaseClient{cc} +} + +func (c *databaseClient) Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeResponse, error) { + out := new(TypeResponse) + err := c.cc.Invoke(ctx, "/dbplugin.Database/Type", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *databaseClient) CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*CreateUserResponse, error) { + out := new(CreateUserResponse) + err := c.cc.Invoke(ctx, "/dbplugin.Database/CreateUser", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *databaseClient) RenewUser(ctx context.Context, in *RenewUserRequest, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, "/dbplugin.Database/RenewUser", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *databaseClient) RevokeUser(ctx context.Context, in *RevokeUserRequest, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, "/dbplugin.Database/RevokeUser", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *databaseClient) RotateRootCredentials(ctx context.Context, in *RotateRootCredentialsRequest, opts ...grpc.CallOption) (*RotateRootCredentialsResponse, error) { + out := new(RotateRootCredentialsResponse) + err := c.cc.Invoke(ctx, "/dbplugin.Database/RotateRootCredentials", in, out, opts...) 
+ if err != nil { + return nil, err + } + return out, nil +} + +func (c *databaseClient) Init(ctx context.Context, in *InitRequest, opts ...grpc.CallOption) (*InitResponse, error) { + out := new(InitResponse) + err := c.cc.Invoke(ctx, "/dbplugin.Database/Init", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *databaseClient) Close(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, "/dbplugin.Database/Close", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *databaseClient) SetCredentials(ctx context.Context, in *SetCredentialsRequest, opts ...grpc.CallOption) (*SetCredentialsResponse, error) { + out := new(SetCredentialsResponse) + err := c.cc.Invoke(ctx, "/dbplugin.Database/SetCredentials", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *databaseClient) GenerateCredentials(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateCredentialsResponse, error) { + out := new(GenerateCredentialsResponse) + err := c.cc.Invoke(ctx, "/dbplugin.Database/GenerateCredentials", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// Deprecated: Do not use. +func (c *databaseClient) Initialize(ctx context.Context, in *InitializeRequest, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, "/dbplugin.Database/Initialize", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// DatabaseServer is the server API for Database service. 
+// All implementations must embed UnimplementedDatabaseServer +// for forward compatibility +type DatabaseServer interface { + Type(context.Context, *Empty) (*TypeResponse, error) + CreateUser(context.Context, *CreateUserRequest) (*CreateUserResponse, error) + RenewUser(context.Context, *RenewUserRequest) (*Empty, error) + RevokeUser(context.Context, *RevokeUserRequest) (*Empty, error) + RotateRootCredentials(context.Context, *RotateRootCredentialsRequest) (*RotateRootCredentialsResponse, error) + Init(context.Context, *InitRequest) (*InitResponse, error) + Close(context.Context, *Empty) (*Empty, error) + SetCredentials(context.Context, *SetCredentialsRequest) (*SetCredentialsResponse, error) + GenerateCredentials(context.Context, *Empty) (*GenerateCredentialsResponse, error) + // Deprecated: Do not use. + Initialize(context.Context, *InitializeRequest) (*Empty, error) + mustEmbedUnimplementedDatabaseServer() +} + +// UnimplementedDatabaseServer must be embedded to have forward compatible implementations. 
+type UnimplementedDatabaseServer struct { +} + +func (UnimplementedDatabaseServer) Type(context.Context, *Empty) (*TypeResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Type not implemented") +} +func (UnimplementedDatabaseServer) CreateUser(context.Context, *CreateUserRequest) (*CreateUserResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateUser not implemented") +} +func (UnimplementedDatabaseServer) RenewUser(context.Context, *RenewUserRequest) (*Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method RenewUser not implemented") +} +func (UnimplementedDatabaseServer) RevokeUser(context.Context, *RevokeUserRequest) (*Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method RevokeUser not implemented") +} +func (UnimplementedDatabaseServer) RotateRootCredentials(context.Context, *RotateRootCredentialsRequest) (*RotateRootCredentialsResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method RotateRootCredentials not implemented") +} +func (UnimplementedDatabaseServer) Init(context.Context, *InitRequest) (*InitResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Init not implemented") +} +func (UnimplementedDatabaseServer) Close(context.Context, *Empty) (*Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method Close not implemented") +} +func (UnimplementedDatabaseServer) SetCredentials(context.Context, *SetCredentialsRequest) (*SetCredentialsResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method SetCredentials not implemented") +} +func (UnimplementedDatabaseServer) GenerateCredentials(context.Context, *Empty) (*GenerateCredentialsResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GenerateCredentials not implemented") +} +func (UnimplementedDatabaseServer) Initialize(context.Context, *InitializeRequest) (*Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method 
Initialize not implemented") +} +func (UnimplementedDatabaseServer) mustEmbedUnimplementedDatabaseServer() {} + +// UnsafeDatabaseServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to DatabaseServer will +// result in compilation errors. +type UnsafeDatabaseServer interface { + mustEmbedUnimplementedDatabaseServer() +} + +func RegisterDatabaseServer(s grpc.ServiceRegistrar, srv DatabaseServer) { + s.RegisterService(&Database_ServiceDesc, srv) +} + +func _Database_Type_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DatabaseServer).Type(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/dbplugin.Database/Type", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DatabaseServer).Type(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _Database_CreateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CreateUserRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DatabaseServer).CreateUser(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/dbplugin.Database/CreateUser", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DatabaseServer).CreateUser(ctx, req.(*CreateUserRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Database_RenewUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RenewUserRequest) + if err := dec(in); err != nil { + 
return nil, err + } + if interceptor == nil { + return srv.(DatabaseServer).RenewUser(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/dbplugin.Database/RenewUser", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DatabaseServer).RenewUser(ctx, req.(*RenewUserRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Database_RevokeUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RevokeUserRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DatabaseServer).RevokeUser(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/dbplugin.Database/RevokeUser", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DatabaseServer).RevokeUser(ctx, req.(*RevokeUserRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Database_RotateRootCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RotateRootCredentialsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DatabaseServer).RotateRootCredentials(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/dbplugin.Database/RotateRootCredentials", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DatabaseServer).RotateRootCredentials(ctx, req.(*RotateRootCredentialsRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Database_Init_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(InitRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor 
== nil { + return srv.(DatabaseServer).Init(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/dbplugin.Database/Init", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DatabaseServer).Init(ctx, req.(*InitRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Database_Close_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DatabaseServer).Close(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/dbplugin.Database/Close", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DatabaseServer).Close(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _Database_SetCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(SetCredentialsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DatabaseServer).SetCredentials(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/dbplugin.Database/SetCredentials", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DatabaseServer).SetCredentials(ctx, req.(*SetCredentialsRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Database_GenerateCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DatabaseServer).GenerateCredentials(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: 
"/dbplugin.Database/GenerateCredentials", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DatabaseServer).GenerateCredentials(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _Database_Initialize_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(InitializeRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DatabaseServer).Initialize(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/dbplugin.Database/Initialize", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DatabaseServer).Initialize(ctx, req.(*InitializeRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// Database_ServiceDesc is the grpc.ServiceDesc for Database service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var Database_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "dbplugin.Database", + HandlerType: (*DatabaseServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Type", + Handler: _Database_Type_Handler, + }, + { + MethodName: "CreateUser", + Handler: _Database_CreateUser_Handler, + }, + { + MethodName: "RenewUser", + Handler: _Database_RenewUser_Handler, + }, + { + MethodName: "RevokeUser", + Handler: _Database_RevokeUser_Handler, + }, + { + MethodName: "RotateRootCredentials", + Handler: _Database_RotateRootCredentials_Handler, + }, + { + MethodName: "Init", + Handler: _Database_Init_Handler, + }, + { + MethodName: "Close", + Handler: _Database_Close_Handler, + }, + { + MethodName: "SetCredentials", + Handler: _Database_SetCredentials_Handler, + }, + { + MethodName: "GenerateCredentials", + Handler: _Database_GenerateCredentials_Handler, + }, + { + MethodName: "Initialize", + Handler: 
_Database_Initialize_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "sdk/database/dbplugin/database.proto", +} diff --git a/sdk/database/dbplugin/grpc_transport.go b/sdk/database/dbplugin/grpc_transport.go index 927f524af..fbae626df 100644 --- a/sdk/database/dbplugin/grpc_transport.go +++ b/sdk/database/dbplugin/grpc_transport.go @@ -22,6 +22,8 @@ var ( // ---- gRPC Server domain ---- type gRPCServer struct { + UnimplementedDatabaseServer + impl Database } diff --git a/sdk/database/dbplugin/v5/grpc_server.go b/sdk/database/dbplugin/v5/grpc_server.go index 4442c5250..c75fa8ef0 100644 --- a/sdk/database/dbplugin/v5/grpc_server.go +++ b/sdk/database/dbplugin/v5/grpc_server.go @@ -14,6 +14,8 @@ import ( var _ proto.DatabaseServer = gRPCServer{} type gRPCServer struct { + proto.UnimplementedDatabaseServer + impl Database } diff --git a/sdk/database/dbplugin/v5/proto/database.pb.go b/sdk/database/dbplugin/v5/proto/database.pb.go index ce4e2ca03..4416e0acc 100644 --- a/sdk/database/dbplugin/v5/proto/database.pb.go +++ b/sdk/database/dbplugin/v5/proto/database.pb.go @@ -7,10 +7,6 @@ package proto import ( - context "context" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" structpb "google.golang.org/protobuf/types/known/structpb" 
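Review bot: Embedding `UnimplementedDatabaseServer` in `gRPCServer` lets the struct satisfy `DatabaseServer` through the embedded stubs, so an RPC that `gRPCServer` does not override now compiles and fails only at call time with `codes.Unimplemented`. The same holds for the v5 `gRPCServer`, where `var _ proto.DatabaseServer = gRPCServer{}` no longer proves that every method is implemented, and for `backendGRPCPluginServer`, `GRPCStorageServer` and `gRPCSystemViewServer` later in this diff. The method sets of these types are outside the hunks, so whether any RPC is actually missing cannot be told from here. Because this interface carries credential creation, rotation and revocation, I would add a test that invokes each handler in `Database_ServiceDesc.Methods` against the server and fails on `codes.Unimplemented`. I would also document the field with `// Embedded for forward compatibility only; every DatabaseServer RPC must still be implemented on gRPCServer.`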
@@ -1142,263 +1138,3 @@ func file_sdk_database_dbplugin_v5_proto_database_proto_init() { file_sdk_database_dbplugin_v5_proto_database_proto_goTypes = nil file_sdk_database_dbplugin_v5_proto_database_proto_depIdxs = nil } - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConnInterface - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion6 - -// DatabaseClient is the client API for Database service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type DatabaseClient interface { - Initialize(ctx context.Context, in *InitializeRequest, opts ...grpc.CallOption) (*InitializeResponse, error) - NewUser(ctx context.Context, in *NewUserRequest, opts ...grpc.CallOption) (*NewUserResponse, error) - UpdateUser(ctx context.Context, in *UpdateUserRequest, opts ...grpc.CallOption) (*UpdateUserResponse, error) - DeleteUser(ctx context.Context, in *DeleteUserRequest, opts ...grpc.CallOption) (*DeleteUserResponse, error) - Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeResponse, error) - Close(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) -} - -type databaseClient struct { - cc grpc.ClientConnInterface -} - -func NewDatabaseClient(cc grpc.ClientConnInterface) DatabaseClient { - return &databaseClient{cc} -} - -func (c *databaseClient) Initialize(ctx context.Context, in *InitializeRequest, opts ...grpc.CallOption) (*InitializeResponse, error) { - out := new(InitializeResponse) - err := c.cc.Invoke(ctx, "/dbplugin.v5.Database/Initialize", in, out, opts...) 
- if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) NewUser(ctx context.Context, in *NewUserRequest, opts ...grpc.CallOption) (*NewUserResponse, error) { - out := new(NewUserResponse) - err := c.cc.Invoke(ctx, "/dbplugin.v5.Database/NewUser", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) UpdateUser(ctx context.Context, in *UpdateUserRequest, opts ...grpc.CallOption) (*UpdateUserResponse, error) { - out := new(UpdateUserResponse) - err := c.cc.Invoke(ctx, "/dbplugin.v5.Database/UpdateUser", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) DeleteUser(ctx context.Context, in *DeleteUserRequest, opts ...grpc.CallOption) (*DeleteUserResponse, error) { - out := new(DeleteUserResponse) - err := c.cc.Invoke(ctx, "/dbplugin.v5.Database/DeleteUser", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeResponse, error) { - out := new(TypeResponse) - err := c.cc.Invoke(ctx, "/dbplugin.v5.Database/Type", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) Close(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/dbplugin.v5.Database/Close", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// DatabaseServer is the server API for Database service. 
-type DatabaseServer interface { - Initialize(context.Context, *InitializeRequest) (*InitializeResponse, error) - NewUser(context.Context, *NewUserRequest) (*NewUserResponse, error) - UpdateUser(context.Context, *UpdateUserRequest) (*UpdateUserResponse, error) - DeleteUser(context.Context, *DeleteUserRequest) (*DeleteUserResponse, error) - Type(context.Context, *Empty) (*TypeResponse, error) - Close(context.Context, *Empty) (*Empty, error) -} - -// UnimplementedDatabaseServer can be embedded to have forward compatible implementations. -type UnimplementedDatabaseServer struct { -} - -func (*UnimplementedDatabaseServer) Initialize(context.Context, *InitializeRequest) (*InitializeResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Initialize not implemented") -} -func (*UnimplementedDatabaseServer) NewUser(context.Context, *NewUserRequest) (*NewUserResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method NewUser not implemented") -} -func (*UnimplementedDatabaseServer) UpdateUser(context.Context, *UpdateUserRequest) (*UpdateUserResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpdateUser not implemented") -} -func (*UnimplementedDatabaseServer) DeleteUser(context.Context, *DeleteUserRequest) (*DeleteUserResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeleteUser not implemented") -} -func (*UnimplementedDatabaseServer) Type(context.Context, *Empty) (*TypeResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Type not implemented") -} -func (*UnimplementedDatabaseServer) Close(context.Context, *Empty) (*Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method Close not implemented") -} - -func RegisterDatabaseServer(s *grpc.Server, srv DatabaseServer) { - s.RegisterService(&_Database_serviceDesc, srv) -} - -func _Database_Initialize_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor 
grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(InitializeRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).Initialize(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.v5.Database/Initialize", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).Initialize(ctx, req.(*InitializeRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_NewUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(NewUserRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).NewUser(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.v5.Database/NewUser", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).NewUser(ctx, req.(*NewUserRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_UpdateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(UpdateUserRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).UpdateUser(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.v5.Database/UpdateUser", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).UpdateUser(ctx, req.(*UpdateUserRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_DeleteUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeleteUserRequest) - if err := 
dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).DeleteUser(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.v5.Database/DeleteUser", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).DeleteUser(ctx, req.(*DeleteUserRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_Type_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).Type(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.v5.Database/Type", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).Type(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_Close_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).Close(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.v5.Database/Close", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).Close(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -var _Database_serviceDesc = grpc.ServiceDesc{ - ServiceName: "dbplugin.v5.Database", - HandlerType: (*DatabaseServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "Initialize", - Handler: _Database_Initialize_Handler, - }, - { - MethodName: "NewUser", - Handler: _Database_NewUser_Handler, - }, - { - MethodName: "UpdateUser", - Handler: _Database_UpdateUser_Handler, - 
}, - { - MethodName: "DeleteUser", - Handler: _Database_DeleteUser_Handler, - }, - { - MethodName: "Type", - Handler: _Database_Type_Handler, - }, - { - MethodName: "Close", - Handler: _Database_Close_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "sdk/database/dbplugin/v5/proto/database.proto", -} diff --git a/sdk/database/dbplugin/v5/proto/database_grpc.pb.go b/sdk/database/dbplugin/v5/proto/database_grpc.pb.go new file mode 100644 index 000000000..8a549fef9 --- /dev/null +++ b/sdk/database/dbplugin/v5/proto/database_grpc.pb.go 
@@ -0,0 +1,281 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. + +package proto + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +// DatabaseClient is the client API for Database service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type DatabaseClient interface { + Initialize(ctx context.Context, in *InitializeRequest, opts ...grpc.CallOption) (*InitializeResponse, error) + NewUser(ctx context.Context, in *NewUserRequest, opts ...grpc.CallOption) (*NewUserResponse, error) + UpdateUser(ctx context.Context, in *UpdateUserRequest, opts ...grpc.CallOption) (*UpdateUserResponse, error) + DeleteUser(ctx context.Context, in *DeleteUserRequest, opts ...grpc.CallOption) (*DeleteUserResponse, error) + Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeResponse, error) + Close(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) +} + +type databaseClient struct { + cc grpc.ClientConnInterface +} + +func NewDatabaseClient(cc grpc.ClientConnInterface) DatabaseClient { + return &databaseClient{cc} +} + +func (c *databaseClient) Initialize(ctx context.Context, in *InitializeRequest, opts ...grpc.CallOption) (*InitializeResponse, error) { + out := new(InitializeResponse) + err := c.cc.Invoke(ctx, "/dbplugin.v5.Database/Initialize", in, out, opts...) 
+ if err != nil { + return nil, err + } + return out, nil +} + +func (c *databaseClient) NewUser(ctx context.Context, in *NewUserRequest, opts ...grpc.CallOption) (*NewUserResponse, error) { + out := new(NewUserResponse) + err := c.cc.Invoke(ctx, "/dbplugin.v5.Database/NewUser", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *databaseClient) UpdateUser(ctx context.Context, in *UpdateUserRequest, opts ...grpc.CallOption) (*UpdateUserResponse, error) { + out := new(UpdateUserResponse) + err := c.cc.Invoke(ctx, "/dbplugin.v5.Database/UpdateUser", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *databaseClient) DeleteUser(ctx context.Context, in *DeleteUserRequest, opts ...grpc.CallOption) (*DeleteUserResponse, error) { + out := new(DeleteUserResponse) + err := c.cc.Invoke(ctx, "/dbplugin.v5.Database/DeleteUser", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *databaseClient) Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeResponse, error) { + out := new(TypeResponse) + err := c.cc.Invoke(ctx, "/dbplugin.v5.Database/Type", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *databaseClient) Close(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, "/dbplugin.v5.Database/Close", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// DatabaseServer is the server API for Database service. 
+// All implementations must embed UnimplementedDatabaseServer +// for forward compatibility +type DatabaseServer interface { + Initialize(context.Context, *InitializeRequest) (*InitializeResponse, error) + NewUser(context.Context, *NewUserRequest) (*NewUserResponse, error) + UpdateUser(context.Context, *UpdateUserRequest) (*UpdateUserResponse, error) + DeleteUser(context.Context, *DeleteUserRequest) (*DeleteUserResponse, error) + Type(context.Context, *Empty) (*TypeResponse, error) + Close(context.Context, *Empty) (*Empty, error) + mustEmbedUnimplementedDatabaseServer() +} + +// UnimplementedDatabaseServer must be embedded to have forward compatible implementations. +type UnimplementedDatabaseServer struct { +} + +func (UnimplementedDatabaseServer) Initialize(context.Context, *InitializeRequest) (*InitializeResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Initialize not implemented") +} +func (UnimplementedDatabaseServer) NewUser(context.Context, *NewUserRequest) (*NewUserResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method NewUser not implemented") +} +func (UnimplementedDatabaseServer) UpdateUser(context.Context, *UpdateUserRequest) (*UpdateUserResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateUser not implemented") +} +func (UnimplementedDatabaseServer) DeleteUser(context.Context, *DeleteUserRequest) (*DeleteUserResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteUser not implemented") +} +func (UnimplementedDatabaseServer) Type(context.Context, *Empty) (*TypeResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Type not implemented") +} +func (UnimplementedDatabaseServer) Close(context.Context, *Empty) (*Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method Close not implemented") +} +func (UnimplementedDatabaseServer) mustEmbedUnimplementedDatabaseServer() {} + +// UnsafeDatabaseServer may be embedded to opt 
out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to DatabaseServer will +// result in compilation errors. +type UnsafeDatabaseServer interface { + mustEmbedUnimplementedDatabaseServer() +} + +func RegisterDatabaseServer(s grpc.ServiceRegistrar, srv DatabaseServer) { + s.RegisterService(&Database_ServiceDesc, srv) +} + +func _Database_Initialize_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(InitializeRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DatabaseServer).Initialize(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/dbplugin.v5.Database/Initialize", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DatabaseServer).Initialize(ctx, req.(*InitializeRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Database_NewUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(NewUserRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DatabaseServer).NewUser(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/dbplugin.v5.Database/NewUser", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DatabaseServer).NewUser(ctx, req.(*NewUserRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Database_UpdateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UpdateUserRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DatabaseServer).UpdateUser(ctx, in) + } + info := 
&grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/dbplugin.v5.Database/UpdateUser", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DatabaseServer).UpdateUser(ctx, req.(*UpdateUserRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Database_DeleteUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteUserRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DatabaseServer).DeleteUser(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/dbplugin.v5.Database/DeleteUser", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DatabaseServer).DeleteUser(ctx, req.(*DeleteUserRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Database_Type_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DatabaseServer).Type(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/dbplugin.v5.Database/Type", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DatabaseServer).Type(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _Database_Close_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DatabaseServer).Close(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/dbplugin.v5.Database/Close", + } + handler := func(ctx context.Context, req interface{}) 
(interface{}, error) { + return srv.(DatabaseServer).Close(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +// Database_ServiceDesc is the grpc.ServiceDesc for Database service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var Database_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "dbplugin.v5.Database", + HandlerType: (*DatabaseServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Initialize", + Handler: _Database_Initialize_Handler, + }, + { + MethodName: "NewUser", + Handler: _Database_NewUser_Handler, + }, + { + MethodName: "UpdateUser", + Handler: _Database_UpdateUser_Handler, + }, + { + MethodName: "DeleteUser", + Handler: _Database_DeleteUser_Handler, + }, + { + MethodName: "Type", + Handler: _Database_Type_Handler, + }, + { + MethodName: "Close", + Handler: _Database_Close_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "sdk/database/dbplugin/v5/proto/database.proto", +} diff --git a/sdk/logical/identity.pb.go b/sdk/logical/identity.pb.go index 3d1adc90a..b511b587c 100644 --- a/sdk/logical/identity.pb.go +++ b/sdk/logical/identity.pb.go 
@@ -26,18 +26,18 @@ type Entity struct { unknownFields protoimpl.UnknownFields // ID is the unique identifier for the entity - ID string `sentinel:"" protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"` + ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"` // Name is the human-friendly unique identifier for the entity - Name string `sentinel:"" protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` + Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` // Aliases contains thhe alias mappings for the given entity - Aliases []*Alias `sentinel:"" protobuf:"bytes,3,rep,name=aliases,proto3" json:"aliases,omitempty"` + Aliases []*Alias `protobuf:"bytes,3,rep,name=aliases,proto3" json:"aliases,omitempty"` // Metadata represents the custom data tied to this entity - Metadata map[string]string `sentinel:"" protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Metadata map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // Disabled is true if the entity is disabled. - Disabled bool `sentinel:"" protobuf:"varint,5,opt,name=disabled,proto3" json:"disabled,omitempty"` + Disabled bool `protobuf:"varint,5,opt,name=disabled,proto3" json:"disabled,omitempty"` // NamespaceID is the identifier of the namespace to which this entity // belongs to. - NamespaceID string `sentinel:"" protobuf:"bytes,6,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"` + NamespaceID string `protobuf:"bytes,6,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"` } func (x *Entity) Reset() { 
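Review bot: The regenerated `Entity` struct loses the `sentinel:""` tag on every field, and the same happens in the `Alias` and `Group` hunks that follow and on `Header.Header` in sdk/plugin/pb/backend.pb.go. protoc-gen-go does not emit that tag itself, so it was presumably added by a post-generation step that this regeneration skipped; no such step is visible in these hunks. Any code that reads the tag by reflection would silently treat these identity fields differently after this change. Either re-run the tag injection as part of the `proto` target, or state in the commit description that dropping `sentinel:""` is intentional.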
@@ -120,26 +120,26 @@ type Alias struct { unknownFields protoimpl.UnknownFields // MountType is the backend mount's type to which this identity belongs - MountType string `sentinel:"" protobuf:"bytes,1,opt,name=mount_type,json=mountType,proto3" json:"mount_type,omitempty"` + MountType string `protobuf:"bytes,1,opt,name=mount_type,json=mountType,proto3" json:"mount_type,omitempty"` // MountAccessor is the identifier of the mount entry to which this // identity belongs - MountAccessor string `sentinel:"" protobuf:"bytes,2,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty"` + MountAccessor string `protobuf:"bytes,2,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty"` // Name is the identifier of this identity in its authentication source - Name string `sentinel:"" protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` + Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` // Metadata represents the custom data tied to this alias. Fields added // to it should have a low rate of change (or no change) because each // change incurs a storage write, so quickly-changing fields can have // a significant performance impact at scale. See the SDK's // "aliasmetadata" package for a helper that eases and standardizes // using this safely. 
- Metadata map[string]string `sentinel:"" protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Metadata map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // ID is the unique identifier for the alias - ID string `sentinel:"" protobuf:"bytes,5,opt,name=ID,proto3" json:"ID,omitempty"` + ID string `protobuf:"bytes,5,opt,name=ID,proto3" json:"ID,omitempty"` // NamespaceID is the identifier of the namespace to which this alias // belongs. - NamespaceID string `sentinel:"" protobuf:"bytes,6,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"` + NamespaceID string `protobuf:"bytes,6,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"` // Custom Metadata represents the custom data tied to this alias - CustomMetadata map[string]string `sentinel:"" protobuf:"bytes,7,rep,name=custom_metadata,json=customMetadata,proto3" json:"custom_metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + CustomMetadata map[string]string `protobuf:"bytes,7,rep,name=custom_metadata,json=customMetadata,proto3" json:"custom_metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` } func (x *Alias) Reset() { 
@@ -229,14 +229,14 @@ type Group struct { unknownFields protoimpl.UnknownFields // ID is the unique identifier for the group - ID string `sentinel:"" protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"` + ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"` // Name is the human-friendly unique identifier for the group - Name string `sentinel:"" protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` + Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` // Metadata represents the custom data tied to this group - Metadata map[string]string `sentinel:"" protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Metadata map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // NamespaceID is the identifier of the namespace to which this group // belongs to. - NamespaceID string `sentinel:"" protobuf:"bytes,4,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"` + NamespaceID string `protobuf:"bytes,4,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"` } func (x *Group) Reset() { diff --git a/sdk/plugin/grpc_backend_server.go b/sdk/plugin/grpc_backend_server.go index b895a9cf7..ce9ecdf06 100644 --- a/sdk/plugin/grpc_backend_server.go +++ b/sdk/plugin/grpc_backend_server.go @@ -15,6 +15,8 @@ import ( var ErrServerInMetadataMode = errors.New("plugin server can not perform action while in metadata mode") type backendGRPCPluginServer struct { + pb.UnimplementedBackendServer + broker *plugin.GRPCBroker backend logical.Backend diff --git a/sdk/plugin/grpc_storage.go b/sdk/plugin/grpc_storage.go index 8eb566500..3da2ce312 100644 --- a/sdk/plugin/grpc_storage.go +++ b/sdk/plugin/grpc_storage.go 
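Review bot: The `pb.UnimplementedBackendServer` embed added to `backendGRPCPluginServer` carries no comment, and the same holds for `pb.UnimplementedStorageServer` in the grpc_storage.go hunk and `pb.UnimplementedSystemViewServer` in the grpc_system.go hunk. With the stub embedded, the struct satisfies the generated server interface even when one of its own RPC methods is missing or misnamed, so such a gap would presumably only show up at runtime as an Unimplemented status on the plugin boundary, not as a build error. I would document that on the field, e.g. `// Embedded for forward compatibility; any RPC not overridden on this type answers Unimplemented.`, and keep a test that calls every RPC of the service. The grpc_storage.go embed also lacks the blank line that separates the embed from the other fields in the two sibling structs. The body of `backendGRPCPluginServer` continues outside the hunk.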
@@ -76,6 +76,7 @@ func (s *GRPCStorageClient) Delete(ctx context.Context, key string) error { // StorageServer is a net/rpc compatible structure for serving type GRPCStorageServer struct { + pb.UnimplementedStorageServer impl logical.Storage } diff --git a/sdk/plugin/grpc_system.go b/sdk/plugin/grpc_system.go index ead85aefe..ca7db0317 100644 --- a/sdk/plugin/grpc_system.go +++ b/sdk/plugin/grpc_system.go @@ -175,6 +175,8 @@ func (s *gRPCSystemViewClient) GeneratePasswordFromPolicy(ctx context.Context, p } type gRPCSystemViewServer struct { + pb.UnimplementedSystemViewServer + impl logical.SystemView } diff --git a/sdk/plugin/pb/backend.pb.go b/sdk/plugin/pb/backend.pb.go index ca67fc343..b491f1d58 100644 --- a/sdk/plugin/pb/backend.pb.go +++ b/sdk/plugin/pb/backend.pb.go @@ -7,11 +7,7 @@ package pb import ( - context "context" logical "github.com/hashicorp/vault/sdk/logical" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" timestamppb "google.golang.org/protobuf/types/known/timestamppb" @@ -69,7 +65,7 @@ type Header struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Header []string `sentinel:"" protobuf:"bytes,1,rep,name=header,proto3" json:"header,omitempty"` + Header []string `protobuf:"bytes,1,rep,name=header,proto3" json:"header,omitempty"` } func (x *Header) Reset() { 
@@ -128,9 +124,9 @@ type ProtoError struct { // ErrTypePermissionDenied // ErrTypeMultiAuthzPending // ErrTypeUnrecoverable - ErrType uint32 `sentinel:"" protobuf:"varint,1,opt,name=err_type,json=errType,proto3" json:"err_type,omitempty"` - ErrMsg string `sentinel:"" protobuf:"bytes,2,opt,name=err_msg,json=errMsg,proto3" json:"err_msg,omitempty"` - ErrCode int64 `sentinel:"" protobuf:"varint,3,opt,name=err_code,json=errCode,proto3" json:"err_code,omitempty"` + ErrType uint32 `protobuf:"varint,1,opt,name=err_type,json=errType,proto3" json:"err_type,omitempty"` + ErrMsg string `protobuf:"bytes,2,opt,name=err_msg,json=errMsg,proto3" json:"err_msg,omitempty"` + ErrCode int64 `protobuf:"varint,3,opt,name=err_code,json=errCode,proto3" json:"err_code,omitempty"` } func (x *ProtoError) Reset() { 
@@ -193,16 +189,16 @@ type Paths struct { unknownFields protoimpl.UnknownFields // Root are the paths that require a root token to access - Root []string `sentinel:"" protobuf:"bytes,1,rep,name=root,proto3" json:"root,omitempty"` + Root []string `protobuf:"bytes,1,rep,name=root,proto3" json:"root,omitempty"` // Unauthenticated are the paths that can be accessed without any auth. - Unauthenticated []string `sentinel:"" protobuf:"bytes,2,rep,name=unauthenticated,proto3" json:"unauthenticated,omitempty"` + Unauthenticated []string `protobuf:"bytes,2,rep,name=unauthenticated,proto3" json:"unauthenticated,omitempty"` // LocalStorage are paths (prefixes) that are local to this instance; this // indicates that these paths should not be replicated - LocalStorage []string `sentinel:"" protobuf:"bytes,3,rep,name=local_storage,json=localStorage,proto3" json:"local_storage,omitempty"` + LocalStorage []string `protobuf:"bytes,3,rep,name=local_storage,json=localStorage,proto3" json:"local_storage,omitempty"` // SealWrapStorage are storage paths that, when using a capable seal, // should be seal wrapped with extra encryption. It is exact matching // unless it ends with '/' in which case it will be treated as a prefix. - SealWrapStorage []string `sentinel:"" protobuf:"bytes,4,rep,name=seal_wrap_storage,json=sealWrapStorage,proto3" json:"seal_wrap_storage,omitempty"` + SealWrapStorage []string `protobuf:"bytes,4,rep,name=seal_wrap_storage,json=sealWrapStorage,proto3" json:"seal_wrap_storage,omitempty"` } func (x *Paths) Reset() { 
@@ -271,71 +267,71 @@ type Request struct { unknownFields protoimpl.UnknownFields // ID is the uuid associated with each request - ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // If set, the name given to the replication secondary where this request // originated - ReplicationCluster string `sentinel:"" protobuf:"bytes,2,opt,name=ReplicationCluster,proto3" json:"ReplicationCluster,omitempty"` + ReplicationCluster string `protobuf:"bytes,2,opt,name=ReplicationCluster,proto3" json:"ReplicationCluster,omitempty"` // Operation is the requested operation type - Operation string `sentinel:"" protobuf:"bytes,3,opt,name=operation,proto3" json:"operation,omitempty"` + Operation string `protobuf:"bytes,3,opt,name=operation,proto3" json:"operation,omitempty"` // Path is the part of the request path not consumed by the // routing. As an example, if the original request path is "prod/aws/foo" // and the AWS logical backend is mounted at "prod/aws/", then the // final path is "foo" since the mount prefix is trimmed. - Path string `sentinel:"" protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"` + Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"` // Request data is a JSON object that must have keys with string type. - Data string `sentinel:"" protobuf:"bytes,5,opt,name=data,proto3" json:"data,omitempty"` + Data string `protobuf:"bytes,5,opt,name=data,proto3" json:"data,omitempty"` // Secret will be non-nil only for Revoke and Renew operations // to represent the secret that was returned prior. - Secret *Secret `sentinel:"" protobuf:"bytes,6,opt,name=secret,proto3" json:"secret,omitempty"` + Secret *Secret `protobuf:"bytes,6,opt,name=secret,proto3" json:"secret,omitempty"` // Auth will be non-nil only for Renew operations // to represent the auth that was returned prior. 
- Auth *Auth `sentinel:"" protobuf:"bytes,7,opt,name=auth,proto3" json:"auth,omitempty"` + Auth *Auth `protobuf:"bytes,7,opt,name=auth,proto3" json:"auth,omitempty"` // Headers will contain the http headers from the request. This value will // be used in the audit broker to ensure we are auditing only the allowed // headers. - Headers map[string]*Header `sentinel:"" protobuf:"bytes,8,rep,name=headers,proto3" json:"headers,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Headers map[string]*Header `protobuf:"bytes,8,rep,name=headers,proto3" json:"headers,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // ClientToken is provided to the core so that the identity // can be verified and ACLs applied. This value is passed // through to the logical backends but after being salted and // hashed. - ClientToken string `sentinel:"" protobuf:"bytes,9,opt,name=client_token,json=clientToken,proto3" json:"client_token,omitempty"` + ClientToken string `protobuf:"bytes,9,opt,name=client_token,json=clientToken,proto3" json:"client_token,omitempty"` // ClientTokenAccessor is provided to the core so that the it can get // logged as part of request audit logging. - ClientTokenAccessor string `sentinel:"" protobuf:"bytes,10,opt,name=client_token_accessor,json=clientTokenAccessor,proto3" json:"client_token_accessor,omitempty"` + ClientTokenAccessor string `protobuf:"bytes,10,opt,name=client_token_accessor,json=clientTokenAccessor,proto3" json:"client_token_accessor,omitempty"` // DisplayName is provided to the logical backend to help associate // dynamic secrets with the source entity. This is not a sensitive // name, but is useful for operators. 
- DisplayName string `sentinel:"" protobuf:"bytes,11,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` + DisplayName string `protobuf:"bytes,11,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` // MountPoint is provided so that a logical backend can generate // paths relative to itself. The `Path` is effectively the client // request path with the MountPoint trimmed off. - MountPoint string `sentinel:"" protobuf:"bytes,12,opt,name=mount_point,json=mountPoint,proto3" json:"mount_point,omitempty"` + MountPoint string `protobuf:"bytes,12,opt,name=mount_point,json=mountPoint,proto3" json:"mount_point,omitempty"` // MountType is provided so that a logical backend can make decisions // based on the specific mount type (e.g., if a mount type has different // aliases, generating different defaults depending on the alias) - MountType string `sentinel:"" protobuf:"bytes,13,opt,name=mount_type,json=mountType,proto3" json:"mount_type,omitempty"` + MountType string `protobuf:"bytes,13,opt,name=mount_type,json=mountType,proto3" json:"mount_type,omitempty"` // MountAccessor is provided so that identities returned by the authentication // backends can be tied to the mount it belongs to. 
- MountAccessor string `sentinel:"" protobuf:"bytes,14,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty"` + MountAccessor string `protobuf:"bytes,14,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty"` // WrapInfo contains requested response wrapping parameters - WrapInfo *RequestWrapInfo `sentinel:"" protobuf:"bytes,15,opt,name=wrap_info,json=wrapInfo,proto3" json:"wrap_info,omitempty"` + WrapInfo *RequestWrapInfo `protobuf:"bytes,15,opt,name=wrap_info,json=wrapInfo,proto3" json:"wrap_info,omitempty"` // ClientTokenRemainingUses represents the allowed number of uses left on the // token supplied - ClientTokenRemainingUses int64 `sentinel:"" protobuf:"varint,16,opt,name=client_token_remaining_uses,json=clientTokenRemainingUses,proto3" json:"client_token_remaining_uses,omitempty"` + ClientTokenRemainingUses int64 `protobuf:"varint,16,opt,name=client_token_remaining_uses,json=clientTokenRemainingUses,proto3" json:"client_token_remaining_uses,omitempty"` // EntityID is the identity of the caller extracted out of the token used // to make this request - EntityID string `sentinel:"" protobuf:"bytes,17,opt,name=entity_id,json=entityId,proto3" json:"entity_id,omitempty"` + EntityID string `protobuf:"bytes,17,opt,name=entity_id,json=entityId,proto3" json:"entity_id,omitempty"` // PolicyOverride indicates that the requestor wishes to override // soft-mandatory Sentinel policies - PolicyOverride bool `sentinel:"" protobuf:"varint,18,opt,name=policy_override,json=policyOverride,proto3" json:"policy_override,omitempty"` + PolicyOverride bool `protobuf:"varint,18,opt,name=policy_override,json=policyOverride,proto3" json:"policy_override,omitempty"` // Whether the request is unauthenticated, as in, had no client token // attached. Useful in some situations where the client token is not made // accessible. 
- Unauthenticated bool `sentinel:"" protobuf:"varint,19,opt,name=unauthenticated,proto3" json:"unauthenticated,omitempty"` + Unauthenticated bool `protobuf:"varint,19,opt,name=unauthenticated,proto3" json:"unauthenticated,omitempty"` // Connection will be non-nil only for credential providers to // inspect the connection information and potentially use it for // authentication/protection. - Connection *Connection `sentinel:"" protobuf:"bytes,20,opt,name=connection,proto3" json:"connection,omitempty"` + Connection *Connection `protobuf:"bytes,20,opt,name=connection,proto3" json:"connection,omitempty"` } func (x *Request) Reset() { 
@@ -515,66 +511,66 @@ type Auth struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - LeaseOptions *LeaseOptions `sentinel:"" protobuf:"bytes,1,opt,name=lease_options,json=leaseOptions,proto3" json:"lease_options,omitempty"` + LeaseOptions *LeaseOptions `protobuf:"bytes,1,opt,name=lease_options,json=leaseOptions,proto3" json:"lease_options,omitempty"` // InternalData is a JSON object that is stored with the auth struct. // This will be sent back during a Renew/Revoke for storing internal data // used for those operations. - InternalData string `sentinel:"" protobuf:"bytes,2,opt,name=internal_data,json=internalData,proto3" json:"internal_data,omitempty"` + InternalData string `protobuf:"bytes,2,opt,name=internal_data,json=internalData,proto3" json:"internal_data,omitempty"` // DisplayName is a non-security sensitive identifier that is // applicable to this Auth. It is used for logging and prefixing // of dynamic secrets. For example, DisplayName may be "armon" for // the github credential backend. If the client token is used to // generate a SQL credential, the user may be "github-armon-uuid". // This is to help identify the source without using audit tables. - DisplayName string `sentinel:"" protobuf:"bytes,3,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` + DisplayName string `protobuf:"bytes,3,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` // Policies is the list of policies that the authenticated user // is associated with. - Policies []string `sentinel:"" protobuf:"bytes,4,rep,name=policies,proto3" json:"policies,omitempty"` + Policies []string `protobuf:"bytes,4,rep,name=policies,proto3" json:"policies,omitempty"` // Metadata is used to attach arbitrary string-type metadata to // an authenticated user. This metadata will be outputted into the // audit log. 
- Metadata map[string]string `sentinel:"" protobuf:"bytes,5,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Metadata map[string]string `protobuf:"bytes,5,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // ClientToken is the token that is generated for the authentication. // This will be filled in by Vault core when an auth structure is // returned. Setting this manually will have no effect. - ClientToken string `sentinel:"" protobuf:"bytes,6,opt,name=client_token,json=clientToken,proto3" json:"client_token,omitempty"` + ClientToken string `protobuf:"bytes,6,opt,name=client_token,json=clientToken,proto3" json:"client_token,omitempty"` // Accessor is the identifier for the ClientToken. This can be used // to perform management functionalities (especially revocation) when // ClientToken in the audit logs are obfuscated. Accessor can be used // to revoke a ClientToken and to lookup the capabilities of the ClientToken, // both without actually knowing the ClientToken. - Accessor string `sentinel:"" protobuf:"bytes,7,opt,name=accessor,proto3" json:"accessor,omitempty"` + Accessor string `protobuf:"bytes,7,opt,name=accessor,proto3" json:"accessor,omitempty"` // Period indicates that the token generated using this Auth object // should never expire. The token should be renewed within the duration // specified by this period. 
- Period int64 `sentinel:"" protobuf:"varint,8,opt,name=period,proto3" json:"period,omitempty"` + Period int64 `protobuf:"varint,8,opt,name=period,proto3" json:"period,omitempty"` // Number of allowed uses of the issued token - NumUses int64 `sentinel:"" protobuf:"varint,9,opt,name=num_uses,json=numUses,proto3" json:"num_uses,omitempty"` + NumUses int64 `protobuf:"varint,9,opt,name=num_uses,json=numUses,proto3" json:"num_uses,omitempty"` // EntityID is the identifier of the entity in identity store to which the // identity of the authenticating client belongs to. - EntityID string `sentinel:"" protobuf:"bytes,10,opt,name=entity_id,json=entityId,proto3" json:"entity_id,omitempty"` + EntityID string `protobuf:"bytes,10,opt,name=entity_id,json=entityId,proto3" json:"entity_id,omitempty"` // Alias is the information about the authenticated client returned by // the auth backend - Alias *logical.Alias `sentinel:"" protobuf:"bytes,11,opt,name=alias,proto3" json:"alias,omitempty"` + Alias *logical.Alias `protobuf:"bytes,11,opt,name=alias,proto3" json:"alias,omitempty"` // GroupAliases are the informational mappings of external groups which an // authenticated user belongs to. This is used to check if there are // mappings groups for the group aliases in identity store. For all the // matching groups, the entity ID of the user will be added. - GroupAliases []*logical.Alias `sentinel:"" protobuf:"bytes,12,rep,name=group_aliases,json=groupAliases,proto3" json:"group_aliases,omitempty"` + GroupAliases []*logical.Alias `protobuf:"bytes,12,rep,name=group_aliases,json=groupAliases,proto3" json:"group_aliases,omitempty"` // If set, restricts usage of the certificates to client IPs falling within // the range of the specified CIDR(s). 
- BoundCIDRs []string `sentinel:"" protobuf:"bytes,13,rep,name=bound_cidrs,json=boundCidrs,proto3" json:"bound_cidrs,omitempty"` + BoundCIDRs []string `protobuf:"bytes,13,rep,name=bound_cidrs,json=boundCidrs,proto3" json:"bound_cidrs,omitempty"` // TokenPolicies and IdentityPolicies break down the list in Policies to // help determine where a policy was sourced - TokenPolicies []string `sentinel:"" protobuf:"bytes,14,rep,name=token_policies,json=tokenPolicies,proto3" json:"token_policies,omitempty"` - IdentityPolicies []string `sentinel:"" protobuf:"bytes,15,rep,name=identity_policies,json=identityPolicies,proto3" json:"identity_policies,omitempty"` + TokenPolicies []string `protobuf:"bytes,14,rep,name=token_policies,json=tokenPolicies,proto3" json:"token_policies,omitempty"` + IdentityPolicies []string `protobuf:"bytes,15,rep,name=identity_policies,json=identityPolicies,proto3" json:"identity_policies,omitempty"` // Explicit maximum lifetime for the token. Unlike normal TTLs, the maximum // TTL is a hard limit and cannot be exceeded, also counts for periodic tokens. 
- ExplicitMaxTTL int64 `sentinel:"" protobuf:"varint,16,opt,name=explicit_max_ttl,json=explicitMaxTtl,proto3" json:"explicit_max_ttl,omitempty"` + ExplicitMaxTTL int64 `protobuf:"varint,16,opt,name=explicit_max_ttl,json=explicitMaxTtl,proto3" json:"explicit_max_ttl,omitempty"` // TokenType is the type of token being requested - TokenType uint32 `sentinel:"" protobuf:"varint,17,opt,name=token_type,json=tokenType,proto3" json:"token_type,omitempty"` + TokenType uint32 `protobuf:"varint,17,opt,name=token_type,json=tokenType,proto3" json:"token_type,omitempty"` // Whether the default policy should be added automatically by core - NoDefaultPolicy bool `sentinel:"" protobuf:"varint,18,opt,name=no_default_policy,json=noDefaultPolicy,proto3" json:"no_default_policy,omitempty"` + NoDefaultPolicy bool `protobuf:"varint,18,opt,name=no_default_policy,json=noDefaultPolicy,proto3" json:"no_default_policy,omitempty"` } func (x *Auth) Reset() { 
@@ -740,24 +736,24 @@ type TokenEntry struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - Accessor string `sentinel:"" protobuf:"bytes,2,opt,name=accessor,proto3" json:"accessor,omitempty"` - Parent string `sentinel:"" protobuf:"bytes,3,opt,name=parent,proto3" json:"parent,omitempty"` - Policies []string `sentinel:"" protobuf:"bytes,4,rep,name=policies,proto3" json:"policies,omitempty"` - Path string `sentinel:"" protobuf:"bytes,5,opt,name=path,proto3" json:"path,omitempty"` - Meta map[string]string `sentinel:"" protobuf:"bytes,6,rep,name=meta,proto3" json:"meta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - DisplayName string `sentinel:"" protobuf:"bytes,7,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` - NumUses int64 `sentinel:"" protobuf:"varint,8,opt,name=num_uses,json=numUses,proto3" json:"num_uses,omitempty"` - CreationTime int64 `sentinel:"" protobuf:"varint,9,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"` - TTL int64 `sentinel:"" protobuf:"varint,10,opt,name=ttl,proto3" json:"ttl,omitempty"` - ExplicitMaxTTL int64 `sentinel:"" protobuf:"varint,11,opt,name=explicit_max_ttl,json=explicitMaxTtl,proto3" json:"explicit_max_ttl,omitempty"` - Role string `sentinel:"" protobuf:"bytes,12,opt,name=role,proto3" json:"role,omitempty"` - Period int64 `sentinel:"" protobuf:"varint,13,opt,name=period,proto3" json:"period,omitempty"` - EntityID string `sentinel:"" protobuf:"bytes,14,opt,name=entity_id,json=entityId,proto3" json:"entity_id,omitempty"` - BoundCIDRs []string `sentinel:"" protobuf:"bytes,15,rep,name=bound_cidrs,json=boundCidrs,proto3" json:"bound_cidrs,omitempty"` - NamespaceID string `sentinel:"" protobuf:"bytes,16,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"` - CubbyholeID string `sentinel:"" 
protobuf:"bytes,17,opt,name=cubbyhole_id,json=cubbyholeId,proto3" json:"cubbyhole_id,omitempty"` - Type uint32 `sentinel:"" protobuf:"varint,18,opt,name=type,proto3" json:"type,omitempty"` + ID string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Accessor string `protobuf:"bytes,2,opt,name=accessor,proto3" json:"accessor,omitempty"` + Parent string `protobuf:"bytes,3,opt,name=parent,proto3" json:"parent,omitempty"` + Policies []string `protobuf:"bytes,4,rep,name=policies,proto3" json:"policies,omitempty"` + Path string `protobuf:"bytes,5,opt,name=path,proto3" json:"path,omitempty"` + Meta map[string]string `protobuf:"bytes,6,rep,name=meta,proto3" json:"meta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + DisplayName string `protobuf:"bytes,7,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` + NumUses int64 `protobuf:"varint,8,opt,name=num_uses,json=numUses,proto3" json:"num_uses,omitempty"` + CreationTime int64 `protobuf:"varint,9,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"` + TTL int64 `protobuf:"varint,10,opt,name=ttl,proto3" json:"ttl,omitempty"` + ExplicitMaxTTL int64 `protobuf:"varint,11,opt,name=explicit_max_ttl,json=explicitMaxTtl,proto3" json:"explicit_max_ttl,omitempty"` + Role string `protobuf:"bytes,12,opt,name=role,proto3" json:"role,omitempty"` + Period int64 `protobuf:"varint,13,opt,name=period,proto3" json:"period,omitempty"` + EntityID string `protobuf:"bytes,14,opt,name=entity_id,json=entityId,proto3" json:"entity_id,omitempty"` + BoundCIDRs []string `protobuf:"bytes,15,rep,name=bound_cidrs,json=boundCidrs,proto3" json:"bound_cidrs,omitempty"` + NamespaceID string `protobuf:"bytes,16,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"` + CubbyholeID string `protobuf:"bytes,17,opt,name=cubbyhole_id,json=cubbyholeId,proto3" json:"cubbyhole_id,omitempty"` + Type uint32 
`protobuf:"varint,18,opt,name=type,proto3" json:"type,omitempty"` } func (x *TokenEntry) Reset() { @@ -923,11 +919,11 @@ type LeaseOptions struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - TTL int64 `sentinel:"" protobuf:"varint,1,opt,name=TTL,proto3" json:"TTL,omitempty"` - Renewable bool `sentinel:"" protobuf:"varint,2,opt,name=renewable,proto3" json:"renewable,omitempty"` - Increment int64 `sentinel:"" protobuf:"varint,3,opt,name=increment,proto3" json:"increment,omitempty"` - IssueTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,4,opt,name=issue_time,json=issueTime,proto3" json:"issue_time,omitempty"` - MaxTTL int64 `sentinel:"" protobuf:"varint,5,opt,name=MaxTTL,proto3" json:"MaxTTL,omitempty"` + TTL int64 `protobuf:"varint,1,opt,name=TTL,proto3" json:"TTL,omitempty"` + Renewable bool `protobuf:"varint,2,opt,name=renewable,proto3" json:"renewable,omitempty"` + Increment int64 `protobuf:"varint,3,opt,name=increment,proto3" json:"increment,omitempty"` + IssueTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=issue_time,json=issueTime,proto3" json:"issue_time,omitempty"` + MaxTTL int64 `protobuf:"varint,5,opt,name=MaxTTL,proto3" json:"MaxTTL,omitempty"` } func (x *LeaseOptions) Reset() { 
@@ -1002,15 +998,15 @@ type Secret struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - LeaseOptions *LeaseOptions `sentinel:"" protobuf:"bytes,1,opt,name=lease_options,json=leaseOptions,proto3" json:"lease_options,omitempty"` + LeaseOptions *LeaseOptions `protobuf:"bytes,1,opt,name=lease_options,json=leaseOptions,proto3" json:"lease_options,omitempty"` // InternalData is a JSON object that is stored with the secret. // This will be sent back during a Renew/Revoke for storing internal data // used for those operations. - InternalData string `sentinel:"" protobuf:"bytes,2,opt,name=internal_data,json=internalData,proto3" json:"internal_data,omitempty"` + InternalData string `protobuf:"bytes,2,opt,name=internal_data,json=internalData,proto3" json:"internal_data,omitempty"` // LeaseID is the ID returned to the user to manage this secret. // This is generated by Vault core. Any set value will be ignored. // For requests, this will always be blank. - LeaseID string `sentinel:"" protobuf:"bytes,3,opt,name=lease_id,json=leaseId,proto3" json:"lease_id,omitempty"` + LeaseID string `protobuf:"bytes,3,opt,name=lease_id,json=leaseId,proto3" json:"lease_id,omitempty"` } func (x *Secret) Reset() { 
@@ -1072,29 +1068,29 @@ type Response struct { unknownFields protoimpl.UnknownFields // Secret, if not nil, denotes that this response represents a secret. - Secret *Secret `sentinel:"" protobuf:"bytes,1,opt,name=secret,proto3" json:"secret,omitempty"` + Secret *Secret `protobuf:"bytes,1,opt,name=secret,proto3" json:"secret,omitempty"` // Auth, if not nil, contains the authentication information for // this response. This is only checked and means something for // credential backends. - Auth *Auth `sentinel:"" protobuf:"bytes,2,opt,name=auth,proto3" json:"auth,omitempty"` + Auth *Auth `protobuf:"bytes,2,opt,name=auth,proto3" json:"auth,omitempty"` // Response data is a JSON object that must have string keys. For // secrets, this data is sent down to the user as-is. To store internal // data that you don't want the user to see, store it in // Secret.InternalData. - Data string `sentinel:"" protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` + Data string `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` // Redirect is an HTTP URL to redirect to for further authentication. // This is only valid for credential backends. This will be blanked // for any logical backend and ignored. - Redirect string `sentinel:"" protobuf:"bytes,4,opt,name=redirect,proto3" json:"redirect,omitempty"` + Redirect string `protobuf:"bytes,4,opt,name=redirect,proto3" json:"redirect,omitempty"` // Warnings allow operations or backends to return warnings in response // to user actions without failing the action outright. 
- Warnings []string `sentinel:"" protobuf:"bytes,5,rep,name=warnings,proto3" json:"warnings,omitempty"` + Warnings []string `protobuf:"bytes,5,rep,name=warnings,proto3" json:"warnings,omitempty"` // Information for wrapping the response in a cubbyhole - WrapInfo *ResponseWrapInfo `sentinel:"" protobuf:"bytes,6,opt,name=wrap_info,json=wrapInfo,proto3" json:"wrap_info,omitempty"` + WrapInfo *ResponseWrapInfo `protobuf:"bytes,6,opt,name=wrap_info,json=wrapInfo,proto3" json:"wrap_info,omitempty"` // Headers will contain the http headers from the response. This value will // be used in the audit broker to ensure we are auditing only the allowed // headers. - Headers map[string]*Header `sentinel:"" protobuf:"bytes,7,rep,name=headers,proto3" json:"headers,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Headers map[string]*Header `protobuf:"bytes,7,rep,name=headers,proto3" json:"headers,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` } func (x *Response) Reset() { 
@@ -1185,27 +1181,27 @@ type ResponseWrapInfo struct { // Setting to non-zero specifies that the response should be wrapped. // Specifies the desired TTL of the wrapping token. - TTL int64 `sentinel:"" protobuf:"varint,1,opt,name=TTL,proto3" json:"TTL,omitempty"` + TTL int64 `protobuf:"varint,1,opt,name=TTL,proto3" json:"TTL,omitempty"` // The token containing the wrapped response - Token string `sentinel:"" protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"` + Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"` // The token accessor for the wrapped response token - Accessor string `sentinel:"" protobuf:"bytes,3,opt,name=accessor,proto3" json:"accessor,omitempty"` + Accessor string `protobuf:"bytes,3,opt,name=accessor,proto3" json:"accessor,omitempty"` // The creation time. This can be used with the TTL to figure out an // expected expiration. - CreationTime *timestamppb.Timestamp `sentinel:"" protobuf:"bytes,4,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"` + CreationTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"` // If the contained response is the output of a token creation call, the // created token's accessor will be accessible here - WrappedAccessor string `sentinel:"" protobuf:"bytes,5,opt,name=wrapped_accessor,json=wrappedAccessor,proto3" json:"wrapped_accessor,omitempty"` + WrappedAccessor string `protobuf:"bytes,5,opt,name=wrapped_accessor,json=wrappedAccessor,proto3" json:"wrapped_accessor,omitempty"` // WrappedEntityID is the entity identifier of the caller who initiated the // wrapping request - WrappedEntityID string `sentinel:"" protobuf:"bytes,6,opt,name=wrapped_entity_id,json=wrappedEntityID,proto3" json:"wrapped_entity_id,omitempty"` + WrappedEntityID string `protobuf:"bytes,6,opt,name=wrapped_entity_id,json=wrappedEntityID,proto3" json:"wrapped_entity_id,omitempty"` // The format to use. 
This doesn't get returned, it's only internal. - Format string `sentinel:"" protobuf:"bytes,7,opt,name=format,proto3" json:"format,omitempty"` + Format string `protobuf:"bytes,7,opt,name=format,proto3" json:"format,omitempty"` // CreationPath is the original request path that was used to create // the wrapped response. - CreationPath string `sentinel:"" protobuf:"bytes,8,opt,name=creation_path,json=creationPath,proto3" json:"creation_path,omitempty"` + CreationPath string `protobuf:"bytes,8,opt,name=creation_path,json=creationPath,proto3" json:"creation_path,omitempty"` // Controls seal wrapping behavior downstream for specific use cases - SealWrap bool `sentinel:"" protobuf:"varint,9,opt,name=seal_wrap,json=sealWrap,proto3" json:"seal_wrap,omitempty"` + SealWrap bool `protobuf:"varint,9,opt,name=seal_wrap,json=sealWrap,proto3" json:"seal_wrap,omitempty"` } func (x *ResponseWrapInfo) Reset() { @@ -1310,13 +1306,13 @@ type RequestWrapInfo struct { // Setting to non-zero specifies that the response should be wrapped. // Specifies the desired TTL of the wrapping token. - TTL int64 `sentinel:"" protobuf:"varint,1,opt,name=TTL,proto3" json:"TTL,omitempty"` + TTL int64 `protobuf:"varint,1,opt,name=TTL,proto3" json:"TTL,omitempty"` // The format to use for the wrapped response; if not specified it's a bare // token - Format string `sentinel:"" protobuf:"bytes,2,opt,name=format,proto3" json:"format,omitempty"` + Format string `protobuf:"bytes,2,opt,name=format,proto3" json:"format,omitempty"` // A flag to conforming backends that data for a given request should be // seal wrapped - SealWrap bool `sentinel:"" protobuf:"varint,3,opt,name=seal_wrap,json=sealWrap,proto3" json:"seal_wrap,omitempty"` + SealWrap bool `protobuf:"varint,3,opt,name=seal_wrap,json=sealWrap,proto3" json:"seal_wrap,omitempty"` } func (x *RequestWrapInfo) Reset() { 
@@ -1378,8 +1374,8 @@ type HandleRequestArgs struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - StorageID uint32 `sentinel:"" protobuf:"varint,1,opt,name=storage_id,json=storageId,proto3" json:"storage_id,omitempty"` - Request *Request `sentinel:"" protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"` + StorageID uint32 `protobuf:"varint,1,opt,name=storage_id,json=storageId,proto3" json:"storage_id,omitempty"` + Request *Request `protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"` } func (x *HandleRequestArgs) Reset() { @@ -1434,8 +1430,8 @@ type HandleRequestReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Response *Response `sentinel:"" protobuf:"bytes,1,opt,name=response,proto3" json:"response,omitempty"` - Err *ProtoError `sentinel:"" protobuf:"bytes,2,opt,name=err,proto3" json:"err,omitempty"` + Response *Response `protobuf:"bytes,1,opt,name=response,proto3" json:"response,omitempty"` + Err *ProtoError `protobuf:"bytes,2,opt,name=err,proto3" json:"err,omitempty"` } func (x *HandleRequestReply) Reset() { @@ -1529,7 +1525,7 @@ type InitializeReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Err *ProtoError `sentinel:"" protobuf:"bytes,1,opt,name=err,proto3" json:"err,omitempty"` + Err *ProtoError `protobuf:"bytes,1,opt,name=err,proto3" json:"err,omitempty"` } func (x *InitializeReply) Reset() { @@ -1577,7 +1573,7 @@ type SpecialPathsReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Paths *Paths `sentinel:"" protobuf:"bytes,1,opt,name=paths,proto3" json:"paths,omitempty"` + Paths *Paths `protobuf:"bytes,1,opt,name=paths,proto3" json:"paths,omitempty"` } func (x *SpecialPathsReply) Reset() { 
@@ -1625,8 +1621,8 @@ type HandleExistenceCheckArgs struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - StorageID uint32 `sentinel:"" protobuf:"varint,1,opt,name=storage_id,json=storageId,proto3" json:"storage_id,omitempty"` - Request *Request `sentinel:"" protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"` + StorageID uint32 `protobuf:"varint,1,opt,name=storage_id,json=storageId,proto3" json:"storage_id,omitempty"` + Request *Request `protobuf:"bytes,2,opt,name=request,proto3" json:"request,omitempty"` } func (x *HandleExistenceCheckArgs) Reset() { @@ -1681,9 +1677,9 @@ type HandleExistenceCheckReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - CheckFound bool `sentinel:"" protobuf:"varint,1,opt,name=check_found,json=checkFound,proto3" json:"check_found,omitempty"` - Exists bool `sentinel:"" protobuf:"varint,2,opt,name=exists,proto3" json:"exists,omitempty"` - Err *ProtoError `sentinel:"" protobuf:"bytes,3,opt,name=err,proto3" json:"err,omitempty"` + CheckFound bool `protobuf:"varint,1,opt,name=check_found,json=checkFound,proto3" json:"check_found,omitempty"` + Exists bool `protobuf:"varint,2,opt,name=exists,proto3" json:"exists,omitempty"` + Err *ProtoError `protobuf:"bytes,3,opt,name=err,proto3" json:"err,omitempty"` } func (x *HandleExistenceCheckReply) Reset() { 
@@ -1745,9 +1741,9 @@ type SetupArgs struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - BrokerID uint32 `sentinel:"" protobuf:"varint,1,opt,name=broker_id,json=brokerId,proto3" json:"broker_id,omitempty"` - Config map[string]string `sentinel:"" protobuf:"bytes,2,rep,name=Config,proto3" json:"Config,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - BackendUUID string `sentinel:"" protobuf:"bytes,3,opt,name=backendUUID,proto3" json:"backendUUID,omitempty"` + BrokerID uint32 `protobuf:"varint,1,opt,name=broker_id,json=brokerId,proto3" json:"broker_id,omitempty"` + Config map[string]string `protobuf:"bytes,2,rep,name=Config,proto3" json:"Config,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + BackendUUID string `protobuf:"bytes,3,opt,name=backendUUID,proto3" json:"backendUUID,omitempty"` } func (x *SetupArgs) Reset() { @@ -1809,7 +1805,7 @@ type SetupReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Err string `sentinel:"" protobuf:"bytes,1,opt,name=err,proto3" json:"err,omitempty"` + Err string `protobuf:"bytes,1,opt,name=err,proto3" json:"err,omitempty"` } func (x *SetupReply) Reset() { @@ -1857,7 +1853,7 @@ type TypeReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Type uint32 `sentinel:"" protobuf:"varint,1,opt,name=type,proto3" json:"type,omitempty"` + Type uint32 `protobuf:"varint,1,opt,name=type,proto3" json:"type,omitempty"` } func (x *TypeReply) Reset() { @@ -1904,7 +1900,7 @@ type InvalidateKeyArgs struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Key string `sentinel:"" protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` } func (x *InvalidateKeyArgs) Reset() { 
@@ -1951,9 +1947,9 @@ type StorageEntry struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Key string `sentinel:"" protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` - Value []byte `sentinel:"" protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` - SealWrap bool `sentinel:"" protobuf:"varint,3,opt,name=seal_wrap,json=sealWrap,proto3" json:"seal_wrap,omitempty"` + Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + Value []byte `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` + SealWrap bool `protobuf:"varint,3,opt,name=seal_wrap,json=sealWrap,proto3" json:"seal_wrap,omitempty"` } func (x *StorageEntry) Reset() { @@ -2014,7 +2010,7 @@ type StorageListArgs struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Prefix string `sentinel:"" protobuf:"bytes,1,opt,name=prefix,proto3" json:"prefix,omitempty"` + Prefix string `protobuf:"bytes,1,opt,name=prefix,proto3" json:"prefix,omitempty"` } func (x *StorageListArgs) Reset() { @@ -2061,8 +2057,8 @@ type StorageListReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Keys []string `sentinel:"" protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"` - Err string `sentinel:"" protobuf:"bytes,2,opt,name=err,proto3" json:"err,omitempty"` + Keys []string `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"` + Err string `protobuf:"bytes,2,opt,name=err,proto3" json:"err,omitempty"` } func (x *StorageListReply) Reset() { @@ -2116,7 +2112,7 @@ type StorageGetArgs struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Key string `sentinel:"" protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` } func (x *StorageGetArgs) Reset() { 
@@ -2163,8 +2159,8 @@ type StorageGetReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Entry *StorageEntry `sentinel:"" protobuf:"bytes,1,opt,name=entry,proto3" json:"entry,omitempty"` - Err string `sentinel:"" protobuf:"bytes,2,opt,name=err,proto3" json:"err,omitempty"` + Entry *StorageEntry `protobuf:"bytes,1,opt,name=entry,proto3" json:"entry,omitempty"` + Err string `protobuf:"bytes,2,opt,name=err,proto3" json:"err,omitempty"` } func (x *StorageGetReply) Reset() { @@ -2218,7 +2214,7 @@ type StoragePutArgs struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Entry *StorageEntry `sentinel:"" protobuf:"bytes,1,opt,name=entry,proto3" json:"entry,omitempty"` + Entry *StorageEntry `protobuf:"bytes,1,opt,name=entry,proto3" json:"entry,omitempty"` } func (x *StoragePutArgs) Reset() { @@ -2265,7 +2261,7 @@ type StoragePutReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Err string `sentinel:"" protobuf:"bytes,1,opt,name=err,proto3" json:"err,omitempty"` + Err string `protobuf:"bytes,1,opt,name=err,proto3" json:"err,omitempty"` } func (x *StoragePutReply) Reset() { @@ -2312,7 +2308,7 @@ type StorageDeleteArgs struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Key string `sentinel:"" protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` } func (x *StorageDeleteArgs) Reset() { @@ -2359,7 +2355,7 @@ type StorageDeleteReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Err string `sentinel:"" protobuf:"bytes,1,opt,name=err,proto3" json:"err,omitempty"` + Err string `protobuf:"bytes,1,opt,name=err,proto3" json:"err,omitempty"` } func (x *StorageDeleteReply) Reset() { 
@@ -2406,7 +2402,7 @@ type TTLReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - TTL int64 `sentinel:"" protobuf:"varint,1,opt,name=TTL,proto3" json:"TTL,omitempty"` + TTL int64 `protobuf:"varint,1,opt,name=TTL,proto3" json:"TTL,omitempty"` } func (x *TTLReply) Reset() { @@ -2453,7 +2449,7 @@ type TaintedReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Tainted bool `sentinel:"" protobuf:"varint,1,opt,name=tainted,proto3" json:"tainted,omitempty"` + Tainted bool `protobuf:"varint,1,opt,name=tainted,proto3" json:"tainted,omitempty"` } func (x *TaintedReply) Reset() { @@ -2500,7 +2496,7 @@ type CachingDisabledReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Disabled bool `sentinel:"" protobuf:"varint,1,opt,name=disabled,proto3" json:"disabled,omitempty"` + Disabled bool `protobuf:"varint,1,opt,name=disabled,proto3" json:"disabled,omitempty"` } func (x *CachingDisabledReply) Reset() { @@ -2547,7 +2543,7 @@ type ReplicationStateReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - State int32 `sentinel:"" protobuf:"varint,1,opt,name=state,proto3" json:"state,omitempty"` + State int32 `protobuf:"varint,1,opt,name=state,proto3" json:"state,omitempty"` } func (x *ReplicationStateReply) Reset() { 
@@ -2594,9 +2590,9 @@ type ResponseWrapDataArgs struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Data string `sentinel:"" protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"` - TTL int64 `sentinel:"" protobuf:"varint,2,opt,name=TTL,proto3" json:"TTL,omitempty"` - JWT bool `sentinel:"" protobuf:"varint,3,opt,name=JWT,proto3" json:"JWT,omitempty"` + Data string `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"` + TTL int64 `protobuf:"varint,2,opt,name=TTL,proto3" json:"TTL,omitempty"` + JWT bool `protobuf:"varint,3,opt,name=JWT,proto3" json:"JWT,omitempty"` } func (x *ResponseWrapDataArgs) Reset() { @@ -2657,8 +2653,8 @@ type ResponseWrapDataReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - WrapInfo *ResponseWrapInfo `sentinel:"" protobuf:"bytes,1,opt,name=wrap_info,json=wrapInfo,proto3" json:"wrap_info,omitempty"` - Err string `sentinel:"" protobuf:"bytes,2,opt,name=err,proto3" json:"err,omitempty"` + WrapInfo *ResponseWrapInfo `protobuf:"bytes,1,opt,name=wrap_info,json=wrapInfo,proto3" json:"wrap_info,omitempty"` + Err string `protobuf:"bytes,2,opt,name=err,proto3" json:"err,omitempty"` } func (x *ResponseWrapDataReply) Reset() { @@ -2712,7 +2708,7 @@ type MlockEnabledReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Enabled bool `sentinel:"" protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"` + Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"` } func (x *MlockEnabledReply) Reset() { @@ -2759,7 +2755,7 @@ type LocalMountReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Local bool `sentinel:"" protobuf:"varint,1,opt,name=local,proto3" json:"local,omitempty"` + Local bool `protobuf:"varint,1,opt,name=local,proto3" json:"local,omitempty"` } func (x *LocalMountReply) Reset() { 
@@ -2806,7 +2802,7 @@ type EntityInfoArgs struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - EntityID string `sentinel:"" protobuf:"bytes,1,opt,name=entity_id,json=entityId,proto3" json:"entity_id,omitempty"` + EntityID string `protobuf:"bytes,1,opt,name=entity_id,json=entityId,proto3" json:"entity_id,omitempty"` } func (x *EntityInfoArgs) Reset() { @@ -2853,8 +2849,8 @@ type EntityInfoReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Entity *logical.Entity `sentinel:"" protobuf:"bytes,1,opt,name=entity,proto3" json:"entity,omitempty"` - Err string `sentinel:"" protobuf:"bytes,2,opt,name=err,proto3" json:"err,omitempty"` + Entity *logical.Entity `protobuf:"bytes,1,opt,name=entity,proto3" json:"entity,omitempty"` + Err string `protobuf:"bytes,2,opt,name=err,proto3" json:"err,omitempty"` } func (x *EntityInfoReply) Reset() { @@ -2908,8 +2904,8 @@ type GroupsForEntityReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Groups []*logical.Group `sentinel:"" protobuf:"bytes,1,rep,name=groups,proto3" json:"groups,omitempty"` - Err string `sentinel:"" protobuf:"bytes,2,opt,name=err,proto3" json:"err,omitempty"` + Groups []*logical.Group `protobuf:"bytes,1,rep,name=groups,proto3" json:"groups,omitempty"` + Err string `protobuf:"bytes,2,opt,name=err,proto3" json:"err,omitempty"` } func (x *GroupsForEntityReply) Reset() { 
@@ -2963,8 +2959,8 @@ type PluginEnvReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - PluginEnvironment *logical.PluginEnvironment `sentinel:"" protobuf:"bytes,1,opt,name=plugin_environment,json=pluginEnvironment,proto3" json:"plugin_environment,omitempty"` - Err string `sentinel:"" protobuf:"bytes,2,opt,name=err,proto3" json:"err,omitempty"` + PluginEnvironment *logical.PluginEnvironment `protobuf:"bytes,1,opt,name=plugin_environment,json=pluginEnvironment,proto3" json:"plugin_environment,omitempty"` + Err string `protobuf:"bytes,2,opt,name=err,proto3" json:"err,omitempty"` } func (x *PluginEnvReply) Reset() { @@ -3018,7 +3014,7 @@ type GeneratePasswordFromPolicyRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - PolicyName string `sentinel:"" protobuf:"bytes,1,opt,name=policy_name,json=policyName,proto3" json:"policy_name,omitempty"` + PolicyName string `protobuf:"bytes,1,opt,name=policy_name,json=policyName,proto3" json:"policy_name,omitempty"` } func (x *GeneratePasswordFromPolicyRequest) Reset() { @@ -3065,7 +3061,7 @@ type GeneratePasswordFromPolicyReply struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Password string `sentinel:"" protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"` + Password string `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"` } func (x *GeneratePasswordFromPolicyReply) Reset() { @@ -3113,7 +3109,7 @@ type Connection struct { unknownFields protoimpl.UnknownFields // RemoteAddr is the network address that sent the request. - RemoteAddr string `sentinel:"" protobuf:"bytes,1,opt,name=remote_addr,json=remoteAddr,proto3" json:"remote_addr,omitempty"` + RemoteAddr string `protobuf:"bytes,1,opt,name=remote_addr,json=remoteAddr,proto3" json:"remote_addr,omitempty"` } func (x *Connection) Reset() { 
@@ -4364,1089 +4360,3 @@ func file_sdk_plugin_pb_backend_proto_init() { file_sdk_plugin_pb_backend_proto_goTypes = nil file_sdk_plugin_pb_backend_proto_depIDxs = nil } - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConnInterface - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion6 - -// BackendClient is the client API for Backend service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type BackendClient interface { - // HandleRequest is used to handle a request and generate a response. - // The plugins must check the operation type and handle appropriately. - HandleRequest(ctx context.Context, in *HandleRequestArgs, opts ...grpc.CallOption) (*HandleRequestReply, error) - // SpecialPaths is a list of paths that are special in some way. - // See PathType for the types of special paths. The key is the type - // of the special path, and the value is a list of paths for this type. - // This is not a regular expression but is an exact match. If the path - // ends in '*' then it is a prefix-based match. The '*' can only appear - // at the end. - SpecialPaths(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*SpecialPathsReply, error) - // HandleExistenceCheck is used to handle a request and generate a response - // indicating whether the given path exists or not; this is used to - // understand whether the request must have a Create or Update capability - // ACL applied. The first bool indicates whether an existence check - // function was found for the backend; the second indicates whether, if an - // existence check function was found, the item exists or not. 
- HandleExistenceCheck(ctx context.Context, in *HandleExistenceCheckArgs, opts ...grpc.CallOption) (*HandleExistenceCheckReply, error) - // Cleanup is invoked during an unmount of a backend to allow it to - // handle any cleanup like connection closing or releasing of file handles. - // Cleanup is called right before Vault closes the plugin process. - Cleanup(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) - // InvalidateKey may be invoked when an object is modified that belongs - // to the backend. The backend can use this to clear any caches or reset - // internal state as needed. - InvalidateKey(ctx context.Context, in *InvalidateKeyArgs, opts ...grpc.CallOption) (*Empty, error) - // Setup is used to set up the backend based on the provided backend - // configuration. The plugin's setup implementation should use the provided - // broker_id to create a connection back to Vault for use with the Storage - // and SystemView clients. - Setup(ctx context.Context, in *SetupArgs, opts ...grpc.CallOption) (*SetupReply, error) - // Initialize is invoked just after mounting a backend to allow it to - // handle any initialization tasks that need to be performed. - Initialize(ctx context.Context, in *InitializeArgs, opts ...grpc.CallOption) (*InitializeReply, error) - // Type returns the BackendType for the particular backend - Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeReply, error) -} - -type backendClient struct { - cc grpc.ClientConnInterface -} - -func NewBackendClient(cc grpc.ClientConnInterface) BackendClient { - return &backendClient{cc} -} - -func (c *backendClient) HandleRequest(ctx context.Context, in *HandleRequestArgs, opts ...grpc.CallOption) (*HandleRequestReply, error) { - out := new(HandleRequestReply) - err := c.cc.Invoke(ctx, "/pb.Backend/HandleRequest", in, out, opts...) 
- if err != nil { - return nil, err - } - return out, nil -} - -func (c *backendClient) SpecialPaths(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*SpecialPathsReply, error) { - out := new(SpecialPathsReply) - err := c.cc.Invoke(ctx, "/pb.Backend/SpecialPaths", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *backendClient) HandleExistenceCheck(ctx context.Context, in *HandleExistenceCheckArgs, opts ...grpc.CallOption) (*HandleExistenceCheckReply, error) { - out := new(HandleExistenceCheckReply) - err := c.cc.Invoke(ctx, "/pb.Backend/HandleExistenceCheck", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *backendClient) Cleanup(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/pb.Backend/Cleanup", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *backendClient) InvalidateKey(ctx context.Context, in *InvalidateKeyArgs, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/pb.Backend/InvalidateKey", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *backendClient) Setup(ctx context.Context, in *SetupArgs, opts ...grpc.CallOption) (*SetupReply, error) { - out := new(SetupReply) - err := c.cc.Invoke(ctx, "/pb.Backend/Setup", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *backendClient) Initialize(ctx context.Context, in *InitializeArgs, opts ...grpc.CallOption) (*InitializeReply, error) { - out := new(InitializeReply) - err := c.cc.Invoke(ctx, "/pb.Backend/Initialize", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *backendClient) Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeReply, error) { - out := new(TypeReply) - err := c.cc.Invoke(ctx, "/pb.Backend/Type", in, out, opts...) 
- if err != nil { - return nil, err - } - return out, nil -} - -// BackendServer is the server API for Backend service. -type BackendServer interface { - // HandleRequest is used to handle a request and generate a response. - // The plugins must check the operation type and handle appropriately. - HandleRequest(context.Context, *HandleRequestArgs) (*HandleRequestReply, error) - // SpecialPaths is a list of paths that are special in some way. - // See PathType for the types of special paths. The key is the type - // of the special path, and the value is a list of paths for this type. - // This is not a regular expression but is an exact match. If the path - // ends in '*' then it is a prefix-based match. The '*' can only appear - // at the end. - SpecialPaths(context.Context, *Empty) (*SpecialPathsReply, error) - // HandleExistenceCheck is used to handle a request and generate a response - // indicating whether the given path exists or not; this is used to - // understand whether the request must have a Create or Update capability - // ACL applied. The first bool indicates whether an existence check - // function was found for the backend; the second indicates whether, if an - // existence check function was found, the item exists or not. - HandleExistenceCheck(context.Context, *HandleExistenceCheckArgs) (*HandleExistenceCheckReply, error) - // Cleanup is invoked during an unmount of a backend to allow it to - // handle any cleanup like connection closing or releasing of file handles. - // Cleanup is called right before Vault closes the plugin process. - Cleanup(context.Context, *Empty) (*Empty, error) - // InvalidateKey may be invoked when an object is modified that belongs - // to the backend. The backend can use this to clear any caches or reset - // internal state as needed. - InvalidateKey(context.Context, *InvalidateKeyArgs) (*Empty, error) - // Setup is used to set up the backend based on the provided backend - // configuration. 
The plugin's setup implementation should use the provided - // broker_id to create a connection back to Vault for use with the Storage - // and SystemView clients. - Setup(context.Context, *SetupArgs) (*SetupReply, error) - // Initialize is invoked just after mounting a backend to allow it to - // handle any initialization tasks that need to be performed. - Initialize(context.Context, *InitializeArgs) (*InitializeReply, error) - // Type returns the BackendType for the particular backend - Type(context.Context, *Empty) (*TypeReply, error) -} - -// UnimplementedBackendServer can be embedded to have forward compatible implementations. -type UnimplementedBackendServer struct { -} - -func (*UnimplementedBackendServer) HandleRequest(context.Context, *HandleRequestArgs) (*HandleRequestReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method HandleRequest not implemented") -} -func (*UnimplementedBackendServer) SpecialPaths(context.Context, *Empty) (*SpecialPathsReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method SpecialPaths not implemented") -} -func (*UnimplementedBackendServer) HandleExistenceCheck(context.Context, *HandleExistenceCheckArgs) (*HandleExistenceCheckReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method HandleExistenceCheck not implemented") -} -func (*UnimplementedBackendServer) Cleanup(context.Context, *Empty) (*Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method Cleanup not implemented") -} -func (*UnimplementedBackendServer) InvalidateKey(context.Context, *InvalidateKeyArgs) (*Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method InvalidateKey not implemented") -} -func (*UnimplementedBackendServer) Setup(context.Context, *SetupArgs) (*SetupReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method Setup not implemented") -} -func (*UnimplementedBackendServer) Initialize(context.Context, *InitializeArgs) (*InitializeReply, error) { - return 
nil, status.Errorf(codes.Unimplemented, "method Initialize not implemented") -} -func (*UnimplementedBackendServer) Type(context.Context, *Empty) (*TypeReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method Type not implemented") -} - -func RegisterBackendServer(s *grpc.Server, srv BackendServer) { - s.RegisterService(&_Backend_serviceDesc, srv) -} - -func _Backend_HandleRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(HandleRequestArgs) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(BackendServer).HandleRequest(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.Backend/HandleRequest", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(BackendServer).HandleRequest(ctx, req.(*HandleRequestArgs)) - } - return interceptor(ctx, in, info, handler) -} - -func _Backend_SpecialPaths_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(BackendServer).SpecialPaths(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.Backend/SpecialPaths", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(BackendServer).SpecialPaths(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _Backend_HandleExistenceCheck_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(HandleExistenceCheckArgs) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(BackendServer).HandleExistenceCheck(ctx, in) - } - info := 
&grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.Backend/HandleExistenceCheck", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(BackendServer).HandleExistenceCheck(ctx, req.(*HandleExistenceCheckArgs)) - } - return interceptor(ctx, in, info, handler) -} - -func _Backend_Cleanup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(BackendServer).Cleanup(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.Backend/Cleanup", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(BackendServer).Cleanup(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _Backend_InvalidateKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(InvalidateKeyArgs) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(BackendServer).InvalidateKey(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.Backend/InvalidateKey", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(BackendServer).InvalidateKey(ctx, req.(*InvalidateKeyArgs)) - } - return interceptor(ctx, in, info, handler) -} - -func _Backend_Setup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(SetupArgs) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(BackendServer).Setup(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.Backend/Setup", - } - handler := func(ctx context.Context, req interface{}) 
(interface{}, error) { - return srv.(BackendServer).Setup(ctx, req.(*SetupArgs)) - } - return interceptor(ctx, in, info, handler) -} - -func _Backend_Initialize_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(InitializeArgs) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(BackendServer).Initialize(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.Backend/Initialize", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(BackendServer).Initialize(ctx, req.(*InitializeArgs)) - } - return interceptor(ctx, in, info, handler) -} - -func _Backend_Type_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(BackendServer).Type(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.Backend/Type", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(BackendServer).Type(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -var _Backend_serviceDesc = grpc.ServiceDesc{ - ServiceName: "pb.Backend", - HandlerType: (*BackendServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "HandleRequest", - Handler: _Backend_HandleRequest_Handler, - }, - { - MethodName: "SpecialPaths", - Handler: _Backend_SpecialPaths_Handler, - }, - { - MethodName: "HandleExistenceCheck", - Handler: _Backend_HandleExistenceCheck_Handler, - }, - { - MethodName: "Cleanup", - Handler: _Backend_Cleanup_Handler, - }, - { - MethodName: "InvalidateKey", - Handler: _Backend_InvalidateKey_Handler, - }, - { - MethodName: "Setup", - Handler: _Backend_Setup_Handler, - }, - { - MethodName: "Initialize", - 
Handler: _Backend_Initialize_Handler, - }, - { - MethodName: "Type", - Handler: _Backend_Type_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "sdk/plugin/pb/backend.proto", -} - -// StorageClient is the client API for Storage service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type StorageClient interface { - List(ctx context.Context, in *StorageListArgs, opts ...grpc.CallOption) (*StorageListReply, error) - Get(ctx context.Context, in *StorageGetArgs, opts ...grpc.CallOption) (*StorageGetReply, error) - Put(ctx context.Context, in *StoragePutArgs, opts ...grpc.CallOption) (*StoragePutReply, error) - Delete(ctx context.Context, in *StorageDeleteArgs, opts ...grpc.CallOption) (*StorageDeleteReply, error) -} - -type storageClient struct { - cc grpc.ClientConnInterface -} - -func NewStorageClient(cc grpc.ClientConnInterface) StorageClient { - return &storageClient{cc} -} - -func (c *storageClient) List(ctx context.Context, in *StorageListArgs, opts ...grpc.CallOption) (*StorageListReply, error) { - out := new(StorageListReply) - err := c.cc.Invoke(ctx, "/pb.Storage/List", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *storageClient) Get(ctx context.Context, in *StorageGetArgs, opts ...grpc.CallOption) (*StorageGetReply, error) { - out := new(StorageGetReply) - err := c.cc.Invoke(ctx, "/pb.Storage/Get", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *storageClient) Put(ctx context.Context, in *StoragePutArgs, opts ...grpc.CallOption) (*StoragePutReply, error) { - out := new(StoragePutReply) - err := c.cc.Invoke(ctx, "/pb.Storage/Put", in, out, opts...) 
- if err != nil { - return nil, err - } - return out, nil -} - -func (c *storageClient) Delete(ctx context.Context, in *StorageDeleteArgs, opts ...grpc.CallOption) (*StorageDeleteReply, error) { - out := new(StorageDeleteReply) - err := c.cc.Invoke(ctx, "/pb.Storage/Delete", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// StorageServer is the server API for Storage service. -type StorageServer interface { - List(context.Context, *StorageListArgs) (*StorageListReply, error) - Get(context.Context, *StorageGetArgs) (*StorageGetReply, error) - Put(context.Context, *StoragePutArgs) (*StoragePutReply, error) - Delete(context.Context, *StorageDeleteArgs) (*StorageDeleteReply, error) -} - -// UnimplementedStorageServer can be embedded to have forward compatible implementations. -type UnimplementedStorageServer struct { -} - -func (*UnimplementedStorageServer) List(context.Context, *StorageListArgs) (*StorageListReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method List not implemented") -} -func (*UnimplementedStorageServer) Get(context.Context, *StorageGetArgs) (*StorageGetReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method Get not implemented") -} -func (*UnimplementedStorageServer) Put(context.Context, *StoragePutArgs) (*StoragePutReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method Put not implemented") -} -func (*UnimplementedStorageServer) Delete(context.Context, *StorageDeleteArgs) (*StorageDeleteReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method Delete not implemented") -} - -func RegisterStorageServer(s *grpc.Server, srv StorageServer) { - s.RegisterService(&_Storage_serviceDesc, srv) -} - -func _Storage_List_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(StorageListArgs) - if err := dec(in); err != nil { - return nil, err - } - if interceptor 
== nil { - return srv.(StorageServer).List(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.Storage/List", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(StorageServer).List(ctx, req.(*StorageListArgs)) - } - return interceptor(ctx, in, info, handler) -} - -func _Storage_Get_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(StorageGetArgs) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(StorageServer).Get(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.Storage/Get", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(StorageServer).Get(ctx, req.(*StorageGetArgs)) - } - return interceptor(ctx, in, info, handler) -} - -func _Storage_Put_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(StoragePutArgs) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(StorageServer).Put(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.Storage/Put", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(StorageServer).Put(ctx, req.(*StoragePutArgs)) - } - return interceptor(ctx, in, info, handler) -} - -func _Storage_Delete_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(StorageDeleteArgs) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(StorageServer).Delete(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.Storage/Delete", - } - handler := func(ctx context.Context, req interface{}) 
(interface{}, error) { - return srv.(StorageServer).Delete(ctx, req.(*StorageDeleteArgs)) - } - return interceptor(ctx, in, info, handler) -} - -var _Storage_serviceDesc = grpc.ServiceDesc{ - ServiceName: "pb.Storage", - HandlerType: (*StorageServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "List", - Handler: _Storage_List_Handler, - }, - { - MethodName: "Get", - Handler: _Storage_Get_Handler, - }, - { - MethodName: "Put", - Handler: _Storage_Put_Handler, - }, - { - MethodName: "Delete", - Handler: _Storage_Delete_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "sdk/plugin/pb/backend.proto", -} - -// SystemViewClient is the client API for SystemView service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type SystemViewClient interface { - // DefaultLeaseTTL returns the default lease TTL set in Vault configuration - DefaultLeaseTTL(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TTLReply, error) - // MaxLeaseTTL returns the max lease TTL set in Vault configuration; backend - // authors should take care not to issue credentials that last longer than - // this value, as Vault will revoke them - MaxLeaseTTL(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TTLReply, error) - // Tainted, returns true if the mount is tainted. A mount is tainted if it is in the - // process of being unmounted. This should only be used in special - // circumstances; a primary use-case is as a guard in revocation functions. - // If revocation of a backend's leases fails it can keep the unmounting - // process from being successful. If the reason for this failure is not - // relevant when the mount is tainted (for instance, saving a CRL to disk - // when the stored CRL will be removed during the unmounting process - // anyways), we can ignore the errors to allow unmounting to complete. 
- Tainted(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TaintedReply, error) - // CachingDisabled returns true if caching is disabled. If true, no caches - // should be used, despite known slowdowns. - CachingDisabled(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*CachingDisabledReply, error) - // ReplicationState indicates the state of cluster replication - ReplicationState(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ReplicationStateReply, error) - // ResponseWrapData wraps the given data in a cubbyhole and returns the - // token used to unwrap. - ResponseWrapData(ctx context.Context, in *ResponseWrapDataArgs, opts ...grpc.CallOption) (*ResponseWrapDataReply, error) - // MlockEnabled returns the configuration setting for enabling mlock on - // plugins. - MlockEnabled(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*MlockEnabledReply, error) - // LocalMount, when run from a system view attached to a request, indicates - // whether the request is affecting a local mount or not - LocalMount(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*LocalMountReply, error) - // EntityInfo returns the basic entity information for the given entity id - EntityInfo(ctx context.Context, in *EntityInfoArgs, opts ...grpc.CallOption) (*EntityInfoReply, error) - // PluginEnv returns Vault environment information used by plugins - PluginEnv(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*PluginEnvReply, error) - // GroupsForEntity returns the group membership information for the given - // entity id - GroupsForEntity(ctx context.Context, in *EntityInfoArgs, opts ...grpc.CallOption) (*GroupsForEntityReply, error) - // GeneratePasswordFromPolicy generates a password from an existing password policy - GeneratePasswordFromPolicy(ctx context.Context, in *GeneratePasswordFromPolicyRequest, opts ...grpc.CallOption) (*GeneratePasswordFromPolicyReply, error) -} - -type systemViewClient struct { - cc grpc.ClientConnInterface -} 
- -func NewSystemViewClient(cc grpc.ClientConnInterface) SystemViewClient { - return &systemViewClient{cc} -} - -func (c *systemViewClient) DefaultLeaseTTL(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TTLReply, error) { - out := new(TTLReply) - err := c.cc.Invoke(ctx, "/pb.SystemView/DefaultLeaseTTL", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *systemViewClient) MaxLeaseTTL(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TTLReply, error) { - out := new(TTLReply) - err := c.cc.Invoke(ctx, "/pb.SystemView/MaxLeaseTTL", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *systemViewClient) Tainted(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TaintedReply, error) { - out := new(TaintedReply) - err := c.cc.Invoke(ctx, "/pb.SystemView/Tainted", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *systemViewClient) CachingDisabled(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*CachingDisabledReply, error) { - out := new(CachingDisabledReply) - err := c.cc.Invoke(ctx, "/pb.SystemView/CachingDisabled", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *systemViewClient) ReplicationState(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ReplicationStateReply, error) { - out := new(ReplicationStateReply) - err := c.cc.Invoke(ctx, "/pb.SystemView/ReplicationState", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *systemViewClient) ResponseWrapData(ctx context.Context, in *ResponseWrapDataArgs, opts ...grpc.CallOption) (*ResponseWrapDataReply, error) { - out := new(ResponseWrapDataReply) - err := c.cc.Invoke(ctx, "/pb.SystemView/ResponseWrapData", in, out, opts...) 
- if err != nil { - return nil, err - } - return out, nil -} - -func (c *systemViewClient) MlockEnabled(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*MlockEnabledReply, error) { - out := new(MlockEnabledReply) - err := c.cc.Invoke(ctx, "/pb.SystemView/MlockEnabled", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *systemViewClient) LocalMount(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*LocalMountReply, error) { - out := new(LocalMountReply) - err := c.cc.Invoke(ctx, "/pb.SystemView/LocalMount", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *systemViewClient) EntityInfo(ctx context.Context, in *EntityInfoArgs, opts ...grpc.CallOption) (*EntityInfoReply, error) { - out := new(EntityInfoReply) - err := c.cc.Invoke(ctx, "/pb.SystemView/EntityInfo", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *systemViewClient) PluginEnv(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*PluginEnvReply, error) { - out := new(PluginEnvReply) - err := c.cc.Invoke(ctx, "/pb.SystemView/PluginEnv", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *systemViewClient) GroupsForEntity(ctx context.Context, in *EntityInfoArgs, opts ...grpc.CallOption) (*GroupsForEntityReply, error) { - out := new(GroupsForEntityReply) - err := c.cc.Invoke(ctx, "/pb.SystemView/GroupsForEntity", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *systemViewClient) GeneratePasswordFromPolicy(ctx context.Context, in *GeneratePasswordFromPolicyRequest, opts ...grpc.CallOption) (*GeneratePasswordFromPolicyReply, error) { - out := new(GeneratePasswordFromPolicyReply) - err := c.cc.Invoke(ctx, "/pb.SystemView/GeneratePasswordFromPolicy", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// SystemViewServer is the server API for SystemView service. 
-type SystemViewServer interface { - // DefaultLeaseTTL returns the default lease TTL set in Vault configuration - DefaultLeaseTTL(context.Context, *Empty) (*TTLReply, error) - // MaxLeaseTTL returns the max lease TTL set in Vault configuration; backend - // authors should take care not to issue credentials that last longer than - // this value, as Vault will revoke them - MaxLeaseTTL(context.Context, *Empty) (*TTLReply, error) - // Tainted, returns true if the mount is tainted. A mount is tainted if it is in the - // process of being unmounted. This should only be used in special - // circumstances; a primary use-case is as a guard in revocation functions. - // If revocation of a backend's leases fails it can keep the unmounting - // process from being successful. If the reason for this failure is not - // relevant when the mount is tainted (for instance, saving a CRL to disk - // when the stored CRL will be removed during the unmounting process - // anyways), we can ignore the errors to allow unmounting to complete. - Tainted(context.Context, *Empty) (*TaintedReply, error) - // CachingDisabled returns true if caching is disabled. If true, no caches - // should be used, despite known slowdowns. - CachingDisabled(context.Context, *Empty) (*CachingDisabledReply, error) - // ReplicationState indicates the state of cluster replication - ReplicationState(context.Context, *Empty) (*ReplicationStateReply, error) - // ResponseWrapData wraps the given data in a cubbyhole and returns the - // token used to unwrap. - ResponseWrapData(context.Context, *ResponseWrapDataArgs) (*ResponseWrapDataReply, error) - // MlockEnabled returns the configuration setting for enabling mlock on - // plugins. 
- MlockEnabled(context.Context, *Empty) (*MlockEnabledReply, error) - // LocalMount, when run from a system view attached to a request, indicates - // whether the request is affecting a local mount or not - LocalMount(context.Context, *Empty) (*LocalMountReply, error) - // EntityInfo returns the basic entity information for the given entity id - EntityInfo(context.Context, *EntityInfoArgs) (*EntityInfoReply, error) - // PluginEnv returns Vault environment information used by plugins - PluginEnv(context.Context, *Empty) (*PluginEnvReply, error) - // GroupsForEntity returns the group membership information for the given - // entity id - GroupsForEntity(context.Context, *EntityInfoArgs) (*GroupsForEntityReply, error) - // GeneratePasswordFromPolicy generates a password from an existing password policy - GeneratePasswordFromPolicy(context.Context, *GeneratePasswordFromPolicyRequest) (*GeneratePasswordFromPolicyReply, error) -} - -// UnimplementedSystemViewServer can be embedded to have forward compatible implementations. 
-type UnimplementedSystemViewServer struct { -} - -func (*UnimplementedSystemViewServer) DefaultLeaseTTL(context.Context, *Empty) (*TTLReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method DefaultLeaseTTL not implemented") -} -func (*UnimplementedSystemViewServer) MaxLeaseTTL(context.Context, *Empty) (*TTLReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method MaxLeaseTTL not implemented") -} -func (*UnimplementedSystemViewServer) Tainted(context.Context, *Empty) (*TaintedReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method Tainted not implemented") -} -func (*UnimplementedSystemViewServer) CachingDisabled(context.Context, *Empty) (*CachingDisabledReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method CachingDisabled not implemented") -} -func (*UnimplementedSystemViewServer) ReplicationState(context.Context, *Empty) (*ReplicationStateReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method ReplicationState not implemented") -} -func (*UnimplementedSystemViewServer) ResponseWrapData(context.Context, *ResponseWrapDataArgs) (*ResponseWrapDataReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method ResponseWrapData not implemented") -} -func (*UnimplementedSystemViewServer) MlockEnabled(context.Context, *Empty) (*MlockEnabledReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method MlockEnabled not implemented") -} -func (*UnimplementedSystemViewServer) LocalMount(context.Context, *Empty) (*LocalMountReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method LocalMount not implemented") -} -func (*UnimplementedSystemViewServer) EntityInfo(context.Context, *EntityInfoArgs) (*EntityInfoReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method EntityInfo not implemented") -} -func (*UnimplementedSystemViewServer) PluginEnv(context.Context, *Empty) (*PluginEnvReply, error) { - return nil, status.Errorf(codes.Unimplemented, 
"method PluginEnv not implemented") -} -func (*UnimplementedSystemViewServer) GroupsForEntity(context.Context, *EntityInfoArgs) (*GroupsForEntityReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method GroupsForEntity not implemented") -} -func (*UnimplementedSystemViewServer) GeneratePasswordFromPolicy(context.Context, *GeneratePasswordFromPolicyRequest) (*GeneratePasswordFromPolicyReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method GeneratePasswordFromPolicy not implemented") -} - -func RegisterSystemViewServer(s *grpc.Server, srv SystemViewServer) { - s.RegisterService(&_SystemView_serviceDesc, srv) -} - -func _SystemView_DefaultLeaseTTL_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(SystemViewServer).DefaultLeaseTTL(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.SystemView/DefaultLeaseTTL", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(SystemViewServer).DefaultLeaseTTL(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _SystemView_MaxLeaseTTL_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(SystemViewServer).MaxLeaseTTL(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.SystemView/MaxLeaseTTL", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(SystemViewServer).MaxLeaseTTL(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _SystemView_Tainted_Handler(srv interface{}, ctx context.Context, dec func(interface{}) 
error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(SystemViewServer).Tainted(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.SystemView/Tainted", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(SystemViewServer).Tainted(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _SystemView_CachingDisabled_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(SystemViewServer).CachingDisabled(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.SystemView/CachingDisabled", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(SystemViewServer).CachingDisabled(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _SystemView_ReplicationState_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(SystemViewServer).ReplicationState(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.SystemView/ReplicationState", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(SystemViewServer).ReplicationState(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _SystemView_ResponseWrapData_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ResponseWrapDataArgs) - if err 
:= dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(SystemViewServer).ResponseWrapData(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.SystemView/ResponseWrapData", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(SystemViewServer).ResponseWrapData(ctx, req.(*ResponseWrapDataArgs)) - } - return interceptor(ctx, in, info, handler) -} - -func _SystemView_MlockEnabled_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(SystemViewServer).MlockEnabled(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.SystemView/MlockEnabled", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(SystemViewServer).MlockEnabled(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _SystemView_LocalMount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(SystemViewServer).LocalMount(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.SystemView/LocalMount", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(SystemViewServer).LocalMount(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _SystemView_EntityInfo_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(EntityInfoArgs) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return 
srv.(SystemViewServer).EntityInfo(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.SystemView/EntityInfo", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(SystemViewServer).EntityInfo(ctx, req.(*EntityInfoArgs)) - } - return interceptor(ctx, in, info, handler) -} - -func _SystemView_PluginEnv_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(SystemViewServer).PluginEnv(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.SystemView/PluginEnv", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(SystemViewServer).PluginEnv(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _SystemView_GroupsForEntity_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(EntityInfoArgs) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(SystemViewServer).GroupsForEntity(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.SystemView/GroupsForEntity", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(SystemViewServer).GroupsForEntity(ctx, req.(*EntityInfoArgs)) - } - return interceptor(ctx, in, info, handler) -} - -func _SystemView_GeneratePasswordFromPolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GeneratePasswordFromPolicyRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(SystemViewServer).GeneratePasswordFromPolicy(ctx, in) - } - 
info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/pb.SystemView/GeneratePasswordFromPolicy", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(SystemViewServer).GeneratePasswordFromPolicy(ctx, req.(*GeneratePasswordFromPolicyRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _SystemView_serviceDesc = grpc.ServiceDesc{ - ServiceName: "pb.SystemView", - HandlerType: (*SystemViewServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "DefaultLeaseTTL", - Handler: _SystemView_DefaultLeaseTTL_Handler, - }, - { - MethodName: "MaxLeaseTTL", - Handler: _SystemView_MaxLeaseTTL_Handler, - }, - { - MethodName: "Tainted", - Handler: _SystemView_Tainted_Handler, - }, - { - MethodName: "CachingDisabled", - Handler: _SystemView_CachingDisabled_Handler, - }, - { - MethodName: "ReplicationState", - Handler: _SystemView_ReplicationState_Handler, - }, - { - MethodName: "ResponseWrapData", - Handler: _SystemView_ResponseWrapData_Handler, - }, - { - MethodName: "MlockEnabled", - Handler: _SystemView_MlockEnabled_Handler, - }, - { - MethodName: "LocalMount", - Handler: _SystemView_LocalMount_Handler, - }, - { - MethodName: "EntityInfo", - Handler: _SystemView_EntityInfo_Handler, - }, - { - MethodName: "PluginEnv", - Handler: _SystemView_PluginEnv_Handler, - }, - { - MethodName: "GroupsForEntity", - Handler: _SystemView_GroupsForEntity_Handler, - }, - { - MethodName: "GeneratePasswordFromPolicy", - Handler: _SystemView_GeneratePasswordFromPolicy_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "sdk/plugin/pb/backend.proto", -} diff --git a/sdk/plugin/pb/backend_grpc.pb.go b/sdk/plugin/pb/backend_grpc.pb.go new file mode 100644 index 000000000..9be6bacdc --- /dev/null +++ b/sdk/plugin/pb/backend_grpc.pb.go 
@@ -0,0 +1,1135 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. + +package pb + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +// BackendClient is the client API for Backend service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type BackendClient interface { + // HandleRequest is used to handle a request and generate a response. + // The plugins must check the operation type and handle appropriately. + HandleRequest(ctx context.Context, in *HandleRequestArgs, opts ...grpc.CallOption) (*HandleRequestReply, error) + // SpecialPaths is a list of paths that are special in some way. + // See PathType for the types of special paths. The key is the type + // of the special path, and the value is a list of paths for this type. + // This is not a regular expression but is an exact match. If the path + // ends in '*' then it is a prefix-based match. The '*' can only appear + // at the end. + SpecialPaths(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*SpecialPathsReply, error) + // HandleExistenceCheck is used to handle a request and generate a response + // indicating whether the given path exists or not; this is used to + // understand whether the request must have a Create or Update capability + // ACL applied. The first bool indicates whether an existence check + // function was found for the backend; the second indicates whether, if an + // existence check function was found, the item exists or not. 
+ HandleExistenceCheck(ctx context.Context, in *HandleExistenceCheckArgs, opts ...grpc.CallOption) (*HandleExistenceCheckReply, error) + // Cleanup is invoked during an unmount of a backend to allow it to + // handle any cleanup like connection closing or releasing of file handles. + // Cleanup is called right before Vault closes the plugin process. + Cleanup(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) + // InvalidateKey may be invoked when an object is modified that belongs + // to the backend. The backend can use this to clear any caches or reset + // internal state as needed. + InvalidateKey(ctx context.Context, in *InvalidateKeyArgs, opts ...grpc.CallOption) (*Empty, error) + // Setup is used to set up the backend based on the provided backend + // configuration. The plugin's setup implementation should use the provided + // broker_id to create a connection back to Vault for use with the Storage + // and SystemView clients. + Setup(ctx context.Context, in *SetupArgs, opts ...grpc.CallOption) (*SetupReply, error) + // Initialize is invoked just after mounting a backend to allow it to + // handle any initialization tasks that need to be performed. + Initialize(ctx context.Context, in *InitializeArgs, opts ...grpc.CallOption) (*InitializeReply, error) + // Type returns the BackendType for the particular backend + Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeReply, error) +} + +type backendClient struct { + cc grpc.ClientConnInterface +} + +func NewBackendClient(cc grpc.ClientConnInterface) BackendClient { + return &backendClient{cc} +} + +func (c *backendClient) HandleRequest(ctx context.Context, in *HandleRequestArgs, opts ...grpc.CallOption) (*HandleRequestReply, error) { + out := new(HandleRequestReply) + err := c.cc.Invoke(ctx, "/pb.Backend/HandleRequest", in, out, opts...) 
+ if err != nil { + return nil, err + } + return out, nil +} + +func (c *backendClient) SpecialPaths(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*SpecialPathsReply, error) { + out := new(SpecialPathsReply) + err := c.cc.Invoke(ctx, "/pb.Backend/SpecialPaths", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *backendClient) HandleExistenceCheck(ctx context.Context, in *HandleExistenceCheckArgs, opts ...grpc.CallOption) (*HandleExistenceCheckReply, error) { + out := new(HandleExistenceCheckReply) + err := c.cc.Invoke(ctx, "/pb.Backend/HandleExistenceCheck", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *backendClient) Cleanup(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, "/pb.Backend/Cleanup", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *backendClient) InvalidateKey(ctx context.Context, in *InvalidateKeyArgs, opts ...grpc.CallOption) (*Empty, error) { + out := new(Empty) + err := c.cc.Invoke(ctx, "/pb.Backend/InvalidateKey", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *backendClient) Setup(ctx context.Context, in *SetupArgs, opts ...grpc.CallOption) (*SetupReply, error) { + out := new(SetupReply) + err := c.cc.Invoke(ctx, "/pb.Backend/Setup", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *backendClient) Initialize(ctx context.Context, in *InitializeArgs, opts ...grpc.CallOption) (*InitializeReply, error) { + out := new(InitializeReply) + err := c.cc.Invoke(ctx, "/pb.Backend/Initialize", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *backendClient) Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeReply, error) { + out := new(TypeReply) + err := c.cc.Invoke(ctx, "/pb.Backend/Type", in, out, opts...) 
+ if err != nil { + return nil, err + } + return out, nil +} + +// BackendServer is the server API for Backend service. +// All implementations must embed UnimplementedBackendServer +// for forward compatibility +type BackendServer interface { + // HandleRequest is used to handle a request and generate a response. + // The plugins must check the operation type and handle appropriately. + HandleRequest(context.Context, *HandleRequestArgs) (*HandleRequestReply, error) + // SpecialPaths is a list of paths that are special in some way. + // See PathType for the types of special paths. The key is the type + // of the special path, and the value is a list of paths for this type. + // This is not a regular expression but is an exact match. If the path + // ends in '*' then it is a prefix-based match. The '*' can only appear + // at the end. + SpecialPaths(context.Context, *Empty) (*SpecialPathsReply, error) + // HandleExistenceCheck is used to handle a request and generate a response + // indicating whether the given path exists or not; this is used to + // understand whether the request must have a Create or Update capability + // ACL applied. The first bool indicates whether an existence check + // function was found for the backend; the second indicates whether, if an + // existence check function was found, the item exists or not. + HandleExistenceCheck(context.Context, *HandleExistenceCheckArgs) (*HandleExistenceCheckReply, error) + // Cleanup is invoked during an unmount of a backend to allow it to + // handle any cleanup like connection closing or releasing of file handles. + // Cleanup is called right before Vault closes the plugin process. + Cleanup(context.Context, *Empty) (*Empty, error) + // InvalidateKey may be invoked when an object is modified that belongs + // to the backend. The backend can use this to clear any caches or reset + // internal state as needed. 
+ InvalidateKey(context.Context, *InvalidateKeyArgs) (*Empty, error) + // Setup is used to set up the backend based on the provided backend + // configuration. The plugin's setup implementation should use the provided + // broker_id to create a connection back to Vault for use with the Storage + // and SystemView clients. + Setup(context.Context, *SetupArgs) (*SetupReply, error) + // Initialize is invoked just after mounting a backend to allow it to + // handle any initialization tasks that need to be performed. + Initialize(context.Context, *InitializeArgs) (*InitializeReply, error) + // Type returns the BackendType for the particular backend + Type(context.Context, *Empty) (*TypeReply, error) + mustEmbedUnimplementedBackendServer() +} + +// UnimplementedBackendServer must be embedded to have forward compatible implementations. +type UnimplementedBackendServer struct { +} + +func (UnimplementedBackendServer) HandleRequest(context.Context, *HandleRequestArgs) (*HandleRequestReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method HandleRequest not implemented") +} +func (UnimplementedBackendServer) SpecialPaths(context.Context, *Empty) (*SpecialPathsReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method SpecialPaths not implemented") +} +func (UnimplementedBackendServer) HandleExistenceCheck(context.Context, *HandleExistenceCheckArgs) (*HandleExistenceCheckReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method HandleExistenceCheck not implemented") +} +func (UnimplementedBackendServer) Cleanup(context.Context, *Empty) (*Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method Cleanup not implemented") +} +func (UnimplementedBackendServer) InvalidateKey(context.Context, *InvalidateKeyArgs) (*Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method InvalidateKey not implemented") +} +func (UnimplementedBackendServer) Setup(context.Context, *SetupArgs) (*SetupReply, error) { + return 
nil, status.Errorf(codes.Unimplemented, "method Setup not implemented") +} +func (UnimplementedBackendServer) Initialize(context.Context, *InitializeArgs) (*InitializeReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method Initialize not implemented") +} +func (UnimplementedBackendServer) Type(context.Context, *Empty) (*TypeReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method Type not implemented") +} +func (UnimplementedBackendServer) mustEmbedUnimplementedBackendServer() {} + +// UnsafeBackendServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to BackendServer will +// result in compilation errors. +type UnsafeBackendServer interface { + mustEmbedUnimplementedBackendServer() +} + +func RegisterBackendServer(s grpc.ServiceRegistrar, srv BackendServer) { + s.RegisterService(&Backend_ServiceDesc, srv) +} + +func _Backend_HandleRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(HandleRequestArgs) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(BackendServer).HandleRequest(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.Backend/HandleRequest", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(BackendServer).HandleRequest(ctx, req.(*HandleRequestArgs)) + } + return interceptor(ctx, in, info, handler) +} + +func _Backend_SpecialPaths_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(BackendServer).SpecialPaths(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.Backend/SpecialPaths", + } + 
handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(BackendServer).SpecialPaths(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _Backend_HandleExistenceCheck_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(HandleExistenceCheckArgs) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(BackendServer).HandleExistenceCheck(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.Backend/HandleExistenceCheck", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(BackendServer).HandleExistenceCheck(ctx, req.(*HandleExistenceCheckArgs)) + } + return interceptor(ctx, in, info, handler) +} + +func _Backend_Cleanup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(BackendServer).Cleanup(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.Backend/Cleanup", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(BackendServer).Cleanup(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _Backend_InvalidateKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(InvalidateKeyArgs) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(BackendServer).InvalidateKey(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.Backend/InvalidateKey", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return 
srv.(BackendServer).InvalidateKey(ctx, req.(*InvalidateKeyArgs)) + } + return interceptor(ctx, in, info, handler) +} + +func _Backend_Setup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(SetupArgs) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(BackendServer).Setup(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.Backend/Setup", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(BackendServer).Setup(ctx, req.(*SetupArgs)) + } + return interceptor(ctx, in, info, handler) +} + +func _Backend_Initialize_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(InitializeArgs) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(BackendServer).Initialize(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.Backend/Initialize", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(BackendServer).Initialize(ctx, req.(*InitializeArgs)) + } + return interceptor(ctx, in, info, handler) +} + +func _Backend_Type_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(BackendServer).Type(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.Backend/Type", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(BackendServer).Type(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +// Backend_ServiceDesc is the grpc.ServiceDesc for Backend service. 
+// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var Backend_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "pb.Backend", + HandlerType: (*BackendServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "HandleRequest", + Handler: _Backend_HandleRequest_Handler, + }, + { + MethodName: "SpecialPaths", + Handler: _Backend_SpecialPaths_Handler, + }, + { + MethodName: "HandleExistenceCheck", + Handler: _Backend_HandleExistenceCheck_Handler, + }, + { + MethodName: "Cleanup", + Handler: _Backend_Cleanup_Handler, + }, + { + MethodName: "InvalidateKey", + Handler: _Backend_InvalidateKey_Handler, + }, + { + MethodName: "Setup", + Handler: _Backend_Setup_Handler, + }, + { + MethodName: "Initialize", + Handler: _Backend_Initialize_Handler, + }, + { + MethodName: "Type", + Handler: _Backend_Type_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "sdk/plugin/pb/backend.proto", +} + +// StorageClient is the client API for Storage service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. 
+type StorageClient interface { + List(ctx context.Context, in *StorageListArgs, opts ...grpc.CallOption) (*StorageListReply, error) + Get(ctx context.Context, in *StorageGetArgs, opts ...grpc.CallOption) (*StorageGetReply, error) + Put(ctx context.Context, in *StoragePutArgs, opts ...grpc.CallOption) (*StoragePutReply, error) + Delete(ctx context.Context, in *StorageDeleteArgs, opts ...grpc.CallOption) (*StorageDeleteReply, error) +} + +type storageClient struct { + cc grpc.ClientConnInterface +} + +func NewStorageClient(cc grpc.ClientConnInterface) StorageClient { + return &storageClient{cc} +} + +func (c *storageClient) List(ctx context.Context, in *StorageListArgs, opts ...grpc.CallOption) (*StorageListReply, error) { + out := new(StorageListReply) + err := c.cc.Invoke(ctx, "/pb.Storage/List", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *storageClient) Get(ctx context.Context, in *StorageGetArgs, opts ...grpc.CallOption) (*StorageGetReply, error) { + out := new(StorageGetReply) + err := c.cc.Invoke(ctx, "/pb.Storage/Get", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *storageClient) Put(ctx context.Context, in *StoragePutArgs, opts ...grpc.CallOption) (*StoragePutReply, error) { + out := new(StoragePutReply) + err := c.cc.Invoke(ctx, "/pb.Storage/Put", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *storageClient) Delete(ctx context.Context, in *StorageDeleteArgs, opts ...grpc.CallOption) (*StorageDeleteReply, error) { + out := new(StorageDeleteReply) + err := c.cc.Invoke(ctx, "/pb.Storage/Delete", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// StorageServer is the server API for Storage service. 
+// All implementations must embed UnimplementedStorageServer +// for forward compatibility +type StorageServer interface { + List(context.Context, *StorageListArgs) (*StorageListReply, error) + Get(context.Context, *StorageGetArgs) (*StorageGetReply, error) + Put(context.Context, *StoragePutArgs) (*StoragePutReply, error) + Delete(context.Context, *StorageDeleteArgs) (*StorageDeleteReply, error) + mustEmbedUnimplementedStorageServer() +} + +// UnimplementedStorageServer must be embedded to have forward compatible implementations. +type UnimplementedStorageServer struct { +} + +func (UnimplementedStorageServer) List(context.Context, *StorageListArgs) (*StorageListReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method List not implemented") +} +func (UnimplementedStorageServer) Get(context.Context, *StorageGetArgs) (*StorageGetReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method Get not implemented") +} +func (UnimplementedStorageServer) Put(context.Context, *StoragePutArgs) (*StoragePutReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method Put not implemented") +} +func (UnimplementedStorageServer) Delete(context.Context, *StorageDeleteArgs) (*StorageDeleteReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method Delete not implemented") +} +func (UnimplementedStorageServer) mustEmbedUnimplementedStorageServer() {} + +// UnsafeStorageServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to StorageServer will +// result in compilation errors. 
+type UnsafeStorageServer interface { + mustEmbedUnimplementedStorageServer() +} + +func RegisterStorageServer(s grpc.ServiceRegistrar, srv StorageServer) { + s.RegisterService(&Storage_ServiceDesc, srv) +} + +func _Storage_List_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(StorageListArgs) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(StorageServer).List(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.Storage/List", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(StorageServer).List(ctx, req.(*StorageListArgs)) + } + return interceptor(ctx, in, info, handler) +} + +func _Storage_Get_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(StorageGetArgs) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(StorageServer).Get(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.Storage/Get", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(StorageServer).Get(ctx, req.(*StorageGetArgs)) + } + return interceptor(ctx, in, info, handler) +} + +func _Storage_Put_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(StoragePutArgs) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(StorageServer).Put(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.Storage/Put", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(StorageServer).Put(ctx, req.(*StoragePutArgs)) + } + return interceptor(ctx, in, info, handler) +} + +func 
_Storage_Delete_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(StorageDeleteArgs) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(StorageServer).Delete(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.Storage/Delete", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(StorageServer).Delete(ctx, req.(*StorageDeleteArgs)) + } + return interceptor(ctx, in, info, handler) +} + +// Storage_ServiceDesc is the grpc.ServiceDesc for Storage service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var Storage_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "pb.Storage", + HandlerType: (*StorageServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "List", + Handler: _Storage_List_Handler, + }, + { + MethodName: "Get", + Handler: _Storage_Get_Handler, + }, + { + MethodName: "Put", + Handler: _Storage_Put_Handler, + }, + { + MethodName: "Delete", + Handler: _Storage_Delete_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "sdk/plugin/pb/backend.proto", +} + +// SystemViewClient is the client API for SystemView service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. 
+type SystemViewClient interface { + // DefaultLeaseTTL returns the default lease TTL set in Vault configuration + DefaultLeaseTTL(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TTLReply, error) + // MaxLeaseTTL returns the max lease TTL set in Vault configuration; backend + // authors should take care not to issue credentials that last longer than + // this value, as Vault will revoke them + MaxLeaseTTL(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TTLReply, error) + // Tainted, returns true if the mount is tainted. A mount is tainted if it is in the + // process of being unmounted. This should only be used in special + // circumstances; a primary use-case is as a guard in revocation functions. + // If revocation of a backend's leases fails it can keep the unmounting + // process from being successful. If the reason for this failure is not + // relevant when the mount is tainted (for instance, saving a CRL to disk + // when the stored CRL will be removed during the unmounting process + // anyways), we can ignore the errors to allow unmounting to complete. + Tainted(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TaintedReply, error) + // CachingDisabled returns true if caching is disabled. If true, no caches + // should be used, despite known slowdowns. + CachingDisabled(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*CachingDisabledReply, error) + // ReplicationState indicates the state of cluster replication + ReplicationState(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ReplicationStateReply, error) + // ResponseWrapData wraps the given data in a cubbyhole and returns the + // token used to unwrap. + ResponseWrapData(ctx context.Context, in *ResponseWrapDataArgs, opts ...grpc.CallOption) (*ResponseWrapDataReply, error) + // MlockEnabled returns the configuration setting for enabling mlock on + // plugins. 
+ MlockEnabled(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*MlockEnabledReply, error) + // LocalMount, when run from a system view attached to a request, indicates + // whether the request is affecting a local mount or not + LocalMount(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*LocalMountReply, error) + // EntityInfo returns the basic entity information for the given entity id + EntityInfo(ctx context.Context, in *EntityInfoArgs, opts ...grpc.CallOption) (*EntityInfoReply, error) + // PluginEnv returns Vault environment information used by plugins + PluginEnv(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*PluginEnvReply, error) + // GroupsForEntity returns the group membership information for the given + // entity id + GroupsForEntity(ctx context.Context, in *EntityInfoArgs, opts ...grpc.CallOption) (*GroupsForEntityReply, error) + // GeneratePasswordFromPolicy generates a password from an existing password policy + GeneratePasswordFromPolicy(ctx context.Context, in *GeneratePasswordFromPolicyRequest, opts ...grpc.CallOption) (*GeneratePasswordFromPolicyReply, error) +} + +type systemViewClient struct { + cc grpc.ClientConnInterface +} + +func NewSystemViewClient(cc grpc.ClientConnInterface) SystemViewClient { + return &systemViewClient{cc} +} + +func (c *systemViewClient) DefaultLeaseTTL(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TTLReply, error) { + out := new(TTLReply) + err := c.cc.Invoke(ctx, "/pb.SystemView/DefaultLeaseTTL", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *systemViewClient) MaxLeaseTTL(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TTLReply, error) { + out := new(TTLReply) + err := c.cc.Invoke(ctx, "/pb.SystemView/MaxLeaseTTL", in, out, opts...) 
+ if err != nil { + return nil, err + } + return out, nil +} + +func (c *systemViewClient) Tainted(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TaintedReply, error) { + out := new(TaintedReply) + err := c.cc.Invoke(ctx, "/pb.SystemView/Tainted", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *systemViewClient) CachingDisabled(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*CachingDisabledReply, error) { + out := new(CachingDisabledReply) + err := c.cc.Invoke(ctx, "/pb.SystemView/CachingDisabled", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *systemViewClient) ReplicationState(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ReplicationStateReply, error) { + out := new(ReplicationStateReply) + err := c.cc.Invoke(ctx, "/pb.SystemView/ReplicationState", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *systemViewClient) ResponseWrapData(ctx context.Context, in *ResponseWrapDataArgs, opts ...grpc.CallOption) (*ResponseWrapDataReply, error) { + out := new(ResponseWrapDataReply) + err := c.cc.Invoke(ctx, "/pb.SystemView/ResponseWrapData", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *systemViewClient) MlockEnabled(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*MlockEnabledReply, error) { + out := new(MlockEnabledReply) + err := c.cc.Invoke(ctx, "/pb.SystemView/MlockEnabled", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *systemViewClient) LocalMount(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*LocalMountReply, error) { + out := new(LocalMountReply) + err := c.cc.Invoke(ctx, "/pb.SystemView/LocalMount", in, out, opts...) 
+ if err != nil { + return nil, err + } + return out, nil +} + +func (c *systemViewClient) EntityInfo(ctx context.Context, in *EntityInfoArgs, opts ...grpc.CallOption) (*EntityInfoReply, error) { + out := new(EntityInfoReply) + err := c.cc.Invoke(ctx, "/pb.SystemView/EntityInfo", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *systemViewClient) PluginEnv(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*PluginEnvReply, error) { + out := new(PluginEnvReply) + err := c.cc.Invoke(ctx, "/pb.SystemView/PluginEnv", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *systemViewClient) GroupsForEntity(ctx context.Context, in *EntityInfoArgs, opts ...grpc.CallOption) (*GroupsForEntityReply, error) { + out := new(GroupsForEntityReply) + err := c.cc.Invoke(ctx, "/pb.SystemView/GroupsForEntity", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *systemViewClient) GeneratePasswordFromPolicy(ctx context.Context, in *GeneratePasswordFromPolicyRequest, opts ...grpc.CallOption) (*GeneratePasswordFromPolicyReply, error) { + out := new(GeneratePasswordFromPolicyReply) + err := c.cc.Invoke(ctx, "/pb.SystemView/GeneratePasswordFromPolicy", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// SystemViewServer is the server API for SystemView service. +// All implementations must embed UnimplementedSystemViewServer +// for forward compatibility +type SystemViewServer interface { + // DefaultLeaseTTL returns the default lease TTL set in Vault configuration + DefaultLeaseTTL(context.Context, *Empty) (*TTLReply, error) + // MaxLeaseTTL returns the max lease TTL set in Vault configuration; backend + // authors should take care not to issue credentials that last longer than + // this value, as Vault will revoke them + MaxLeaseTTL(context.Context, *Empty) (*TTLReply, error) + // Tainted, returns true if the mount is tainted. 
A mount is tainted if it is in the + // process of being unmounted. This should only be used in special + // circumstances; a primary use-case is as a guard in revocation functions. + // If revocation of a backend's leases fails it can keep the unmounting + // process from being successful. If the reason for this failure is not + // relevant when the mount is tainted (for instance, saving a CRL to disk + // when the stored CRL will be removed during the unmounting process + // anyways), we can ignore the errors to allow unmounting to complete. + Tainted(context.Context, *Empty) (*TaintedReply, error) + // CachingDisabled returns true if caching is disabled. If true, no caches + // should be used, despite known slowdowns. + CachingDisabled(context.Context, *Empty) (*CachingDisabledReply, error) + // ReplicationState indicates the state of cluster replication + ReplicationState(context.Context, *Empty) (*ReplicationStateReply, error) + // ResponseWrapData wraps the given data in a cubbyhole and returns the + // token used to unwrap. + ResponseWrapData(context.Context, *ResponseWrapDataArgs) (*ResponseWrapDataReply, error) + // MlockEnabled returns the configuration setting for enabling mlock on + // plugins. 
+ MlockEnabled(context.Context, *Empty) (*MlockEnabledReply, error) + // LocalMount, when run from a system view attached to a request, indicates + // whether the request is affecting a local mount or not + LocalMount(context.Context, *Empty) (*LocalMountReply, error) + // EntityInfo returns the basic entity information for the given entity id + EntityInfo(context.Context, *EntityInfoArgs) (*EntityInfoReply, error) + // PluginEnv returns Vault environment information used by plugins + PluginEnv(context.Context, *Empty) (*PluginEnvReply, error) + // GroupsForEntity returns the group membership information for the given + // entity id + GroupsForEntity(context.Context, *EntityInfoArgs) (*GroupsForEntityReply, error) + // GeneratePasswordFromPolicy generates a password from an existing password policy + GeneratePasswordFromPolicy(context.Context, *GeneratePasswordFromPolicyRequest) (*GeneratePasswordFromPolicyReply, error) + mustEmbedUnimplementedSystemViewServer() +} + +// UnimplementedSystemViewServer must be embedded to have forward compatible implementations. 
+type UnimplementedSystemViewServer struct { +} + +func (UnimplementedSystemViewServer) DefaultLeaseTTL(context.Context, *Empty) (*TTLReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method DefaultLeaseTTL not implemented") +} +func (UnimplementedSystemViewServer) MaxLeaseTTL(context.Context, *Empty) (*TTLReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method MaxLeaseTTL not implemented") +} +func (UnimplementedSystemViewServer) Tainted(context.Context, *Empty) (*TaintedReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method Tainted not implemented") +} +func (UnimplementedSystemViewServer) CachingDisabled(context.Context, *Empty) (*CachingDisabledReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method CachingDisabled not implemented") +} +func (UnimplementedSystemViewServer) ReplicationState(context.Context, *Empty) (*ReplicationStateReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method ReplicationState not implemented") +} +func (UnimplementedSystemViewServer) ResponseWrapData(context.Context, *ResponseWrapDataArgs) (*ResponseWrapDataReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method ResponseWrapData not implemented") +} +func (UnimplementedSystemViewServer) MlockEnabled(context.Context, *Empty) (*MlockEnabledReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method MlockEnabled not implemented") +} +func (UnimplementedSystemViewServer) LocalMount(context.Context, *Empty) (*LocalMountReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method LocalMount not implemented") +} +func (UnimplementedSystemViewServer) EntityInfo(context.Context, *EntityInfoArgs) (*EntityInfoReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method EntityInfo not implemented") +} +func (UnimplementedSystemViewServer) PluginEnv(context.Context, *Empty) (*PluginEnvReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method 
PluginEnv not implemented") +} +func (UnimplementedSystemViewServer) GroupsForEntity(context.Context, *EntityInfoArgs) (*GroupsForEntityReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method GroupsForEntity not implemented") +} +func (UnimplementedSystemViewServer) GeneratePasswordFromPolicy(context.Context, *GeneratePasswordFromPolicyRequest) (*GeneratePasswordFromPolicyReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method GeneratePasswordFromPolicy not implemented") +} +func (UnimplementedSystemViewServer) mustEmbedUnimplementedSystemViewServer() {} + +// UnsafeSystemViewServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to SystemViewServer will +// result in compilation errors. +type UnsafeSystemViewServer interface { + mustEmbedUnimplementedSystemViewServer() +} + +func RegisterSystemViewServer(s grpc.ServiceRegistrar, srv SystemViewServer) { + s.RegisterService(&SystemView_ServiceDesc, srv) +} + +func _SystemView_DefaultLeaseTTL_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SystemViewServer).DefaultLeaseTTL(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.SystemView/DefaultLeaseTTL", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SystemViewServer).DefaultLeaseTTL(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _SystemView_MaxLeaseTTL_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SystemViewServer).MaxLeaseTTL(ctx, in) + 
} + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.SystemView/MaxLeaseTTL", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SystemViewServer).MaxLeaseTTL(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _SystemView_Tainted_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SystemViewServer).Tainted(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.SystemView/Tainted", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SystemViewServer).Tainted(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _SystemView_CachingDisabled_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SystemViewServer).CachingDisabled(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.SystemView/CachingDisabled", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SystemViewServer).CachingDisabled(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _SystemView_ReplicationState_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SystemViewServer).ReplicationState(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.SystemView/ReplicationState", + } + handler := func(ctx 
context.Context, req interface{}) (interface{}, error) { + return srv.(SystemViewServer).ReplicationState(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _SystemView_ResponseWrapData_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ResponseWrapDataArgs) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SystemViewServer).ResponseWrapData(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.SystemView/ResponseWrapData", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SystemViewServer).ResponseWrapData(ctx, req.(*ResponseWrapDataArgs)) + } + return interceptor(ctx, in, info, handler) +} + +func _SystemView_MlockEnabled_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SystemViewServer).MlockEnabled(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.SystemView/MlockEnabled", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SystemViewServer).MlockEnabled(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _SystemView_LocalMount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SystemViewServer).LocalMount(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.SystemView/LocalMount", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return 
srv.(SystemViewServer).LocalMount(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _SystemView_EntityInfo_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(EntityInfoArgs) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SystemViewServer).EntityInfo(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.SystemView/EntityInfo", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SystemViewServer).EntityInfo(ctx, req.(*EntityInfoArgs)) + } + return interceptor(ctx, in, info, handler) +} + +func _SystemView_PluginEnv_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SystemViewServer).PluginEnv(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.SystemView/PluginEnv", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SystemViewServer).PluginEnv(ctx, req.(*Empty)) + } + return interceptor(ctx, in, info, handler) +} + +func _SystemView_GroupsForEntity_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(EntityInfoArgs) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SystemViewServer).GroupsForEntity(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.SystemView/GroupsForEntity", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SystemViewServer).GroupsForEntity(ctx, req.(*EntityInfoArgs)) + } + return interceptor(ctx, in, info, handler) 
+} + +func _SystemView_GeneratePasswordFromPolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GeneratePasswordFromPolicyRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SystemViewServer).GeneratePasswordFromPolicy(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.SystemView/GeneratePasswordFromPolicy", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SystemViewServer).GeneratePasswordFromPolicy(ctx, req.(*GeneratePasswordFromPolicyRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// SystemView_ServiceDesc is the grpc.ServiceDesc for SystemView service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var SystemView_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "pb.SystemView", + HandlerType: (*SystemViewServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "DefaultLeaseTTL", + Handler: _SystemView_DefaultLeaseTTL_Handler, + }, + { + MethodName: "MaxLeaseTTL", + Handler: _SystemView_MaxLeaseTTL_Handler, + }, + { + MethodName: "Tainted", + Handler: _SystemView_Tainted_Handler, + }, + { + MethodName: "CachingDisabled", + Handler: _SystemView_CachingDisabled_Handler, + }, + { + MethodName: "ReplicationState", + Handler: _SystemView_ReplicationState_Handler, + }, + { + MethodName: "ResponseWrapData", + Handler: _SystemView_ResponseWrapData_Handler, + }, + { + MethodName: "MlockEnabled", + Handler: _SystemView_MlockEnabled_Handler, + }, + { + MethodName: "LocalMount", + Handler: _SystemView_LocalMount_Handler, + }, + { + MethodName: "EntityInfo", + Handler: _SystemView_EntityInfo_Handler, + }, + { + MethodName: "PluginEnv", + Handler: _SystemView_PluginEnv_Handler, + }, + { + MethodName: "GroupsForEntity", + Handler: 
_SystemView_GroupsForEntity_Handler, + }, + { + MethodName: "GeneratePasswordFromPolicy", + Handler: _SystemView_GeneratePasswordFromPolicy_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "sdk/plugin/pb/backend.proto", +} diff --git a/tools/tools.go b/tools/tools.go index e00d243e1..6faebf36b 100644 --- a/tools/tools.go +++ b/tools/tools.go @@ -10,17 +10,14 @@ package tools -// use this instead of google.golang.org/protobuf/cmd/protoc-gen-go since this supports grpc plugin while the other does not. -// see https://github.com/golang/protobuf/releases#v1.4-generated-code and -// https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.20.0#v1.20-grpc-support -//go:generate go install github.com/golang/protobuf/protoc-gen-go //go:generate go install golang.org/x/tools/cmd/goimports //go:generate go install github.com/mitchellh/gox //go:generate go install github.com/client9/misspell/cmd/misspell //go:generate go install mvdan.cc/gofumpt +//go:generate go install google.golang.org/protobuf/cmd/protoc-gen-go +//go:generate go install google.golang.org/grpc/cmd/protoc-gen-go-grpc +//go:generate go install github.com/favadi/protoc-go-inject-tag import ( - _ "github.com/golang/protobuf/protoc-gen-go" - _ "golang.org/x/tools/cmd/goimports" _ "github.com/mitchellh/gox" @@ -28,4 +25,11 @@ import ( _ "github.com/client9/misspell/cmd/misspell" _ "mvdan.cc/gofumpt" + + _ "google.golang.org/protobuf/cmd/protoc-gen-go" + + _ "google.golang.org/grpc/cmd/protoc-gen-go-grpc" + + _ "github.com/favadi/protoc-go-inject-tag" +) ) diff --git a/vault/activity/activity_log.pb.go b/vault/activity/activity_log.pb.go index 3b5c90dba..ab60ae9f4 100644 --- a/vault/activity/activity_log.pb.go +++ b/vault/activity/activity_log.pb.go 
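Review bot: The three new `//go:generate go install` lines in tools/tools.go carry no comment, although the block they replace explained why the previous generator had been chosen; a short comment should say what each tool is for, in particular `github.com/favadi/protoc-go-inject-tag`, a third-party generator that now joins the bootstrap toolchain. Something like `// protoc-gen-go and protoc-gen-go-grpc emit the message and service code; protoc-go-inject-tag rewrites struct tags in the generated files` would do, adjusted to what the Makefile actually runs. The same diff drops the `sentinel:""` struct tags from vault/activity/activity_log.pb.go, so the comment should also record whether that file is meant to go through the tag-injection step, which is not visible from this hunk. These tools run at build time and write source that is compiled into the binary, so their versions should stay pinned through go.mod and go.sum rather than resolved when they are installed.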
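Review bot: The last added line of the import hunk in tools/tools.go is `+)` and it is followed by the existing context line `)`, so the new side reads as an import block closed twice, which does not parse. Unless this is an artefact of how the diff was captured, drop the added `)` so the three new blank imports sit before the original closing parenthesis. If the file is excluded from normal builds by a build constraint (not visible in this hunk), the compiler will not report the error in a normal build.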
@@ -27,11 +27,11 @@ type EntityRecord struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - EntityID string `sentinel:"" protobuf:"bytes,1,opt,name=entity_id,json=entityId,proto3" json:"entity_id,omitempty"` - NamespaceID string `sentinel:"" protobuf:"bytes,2,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"` + EntityID string `protobuf:"bytes,1,opt,name=entity_id,json=entityId,proto3" json:"entity_id,omitempty"` + NamespaceID string `protobuf:"bytes,2,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"` // using the Timestamp type would cost us an extra // 4 bytes per record to store nanoseconds. - Timestamp int64 `sentinel:"" protobuf:"varint,3,opt,name=timestamp,proto3" json:"timestamp,omitempty"` + Timestamp int64 `protobuf:"varint,3,opt,name=timestamp,proto3" json:"timestamp,omitempty"` } func (x *EntityRecord) Reset() { 
@@ -94,12 +94,12 @@ type LogFragment struct { // hostname (or node ID?) where the fragment originated, // used for debugging. - OriginatingNode string `sentinel:"" protobuf:"bytes,1,opt,name=originating_node,json=originatingNode,proto3" json:"originating_node,omitempty"` + OriginatingNode string `protobuf:"bytes,1,opt,name=originating_node,json=originatingNode,proto3" json:"originating_node,omitempty"` // active entities not yet in a log segment - Entities []*EntityRecord `sentinel:"" protobuf:"bytes,2,rep,name=entities,proto3" json:"entities,omitempty"` + Entities []*EntityRecord `protobuf:"bytes,2,rep,name=entities,proto3" json:"entities,omitempty"` // token counts not yet in a log segment, // indexed by namespace ID - NonEntityTokens map[string]uint64 `sentinel:"" protobuf:"bytes,3,rep,name=non_entity_tokens,json=nonEntityTokens,proto3" json:"non_entity_tokens,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` + NonEntityTokens map[string]uint64 `protobuf:"bytes,3,rep,name=non_entity_tokens,json=nonEntityTokens,proto3" json:"non_entity_tokens,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` } func (x *LogFragment) Reset() { @@ -160,7 +160,7 @@ type EntityActivityLog struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Entities []*EntityRecord `sentinel:"" protobuf:"bytes,1,rep,name=entities,proto3" json:"entities,omitempty"` + Entities []*EntityRecord `protobuf:"bytes,1,rep,name=entities,proto3" json:"entities,omitempty"` } func (x *EntityActivityLog) Reset() { 
@@ -207,7 +207,7 @@ type TokenCount struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - CountByNamespaceID map[string]uint64 `sentinel:"" protobuf:"bytes,1,rep,name=count_by_namespace_id,json=countByNamespaceId,proto3" json:"count_by_namespace_id,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` + CountByNamespaceID map[string]uint64 `protobuf:"bytes,1,rep,name=count_by_namespace_id,json=countByNamespaceId,proto3" json:"count_by_namespace_id,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` } func (x *TokenCount) Reset() { diff --git a/vault/cluster/cluster.go b/vault/cluster/cluster.go index 7b5c47cfb..a4680e75b 100644 --- a/vault/cluster/cluster.go +++ b/vault/cluster/cluster.go @@ -436,7 +436,7 @@ func (cl *Listener) GetDialerFunc(ctx context.Context, alpn string) func(string, } tlsConfig.NextProtos = []string{alpn} - cl.logger.Debug("creating rpc dialer", "alpn", alpn, "host", tlsConfig.ServerName) + cl.logger.Debug("creating rpc dialer", "address", addr, "alpn", alpn, "host", tlsConfig.ServerName) return cl.networkLayer.Dial(addr, timeout, tlsConfig) } diff --git a/vault/core.go b/vault/core.go index 61ab4f26b..49ca47ed3 100644 --- a/vault/core.go +++ b/vault/core.go 
@@ -66,16 +66,13 @@ const ( // The poison pill is used as a check during certain scenarios to indicate // to standby nodes that they should seal - poisonPillPath = "core/poison-pill" + poisonPillPath = "core/poison-pill" + poisonPillDRPath = "core/poison-pill-dr" // coreLeaderPrefix is the prefix used for the UUID that contains // the currently elected leader. coreLeaderPrefix = "core/leader/" - // knownPrimaryAddrsPrefix is used to store last-known cluster address - // information for primaries - knownPrimaryAddrsPrefix = "core/primary-addrs/" - // coreKeyringCanaryPath is used as a canary to indicate to replicated // clusters that they need to perform a rekey operation synchronously; this // isn't keyring-canary to avoid ignoring it when ignoring core/keyring diff --git a/vault/request_forwarding_rpc.go b/vault/request_forwarding_rpc.go index 02d3a9dbd..0388e4c67 100644 --- a/vault/request_forwarding_rpc.go +++ b/vault/request_forwarding_rpc.go @@ -15,6 +15,8 @@ import ( ) type forwardedRequestRPCServer struct { + UnimplementedRequestForwardingServer + core *Core handler http.Handler perfStandbySlots chan struct{} diff --git a/vault/request_forwarding_service.pb.go b/vault/request_forwarding_service.pb.go index 40f696dad..9a8880e8d 100644 --- a/vault/request_forwarding_service.pb.go +++ b/vault/request_forwarding_service.pb.go @@ -7,11 +7,7 @@ package vault import ( - context "context" forwarding "github.com/hashicorp/vault/helper/forwarding" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" 
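Review bot: `poisonPillDRPath` is added under the comment that describes the poison pill for standby nodes, but nothing says when the DR path is written or checked instead of `poisonPillPath`; since this marker decides whether a node seals itself, the constant should have its own comment, for example `// poisonPillDRPath is the poison-pill marker for DR clusters; TODO(review): state who writes it and which nodes seal on it`. The hunk also removes `knownPrimaryAddrsPrefix`, and no use of either constant is visible here, so it is worth confirming that nothing still reads or writes under `core/primary-addrs/` and that entries already stored there are cleaned up or knowingly left in place. The const block begins and ends outside the hunk.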
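Review bot: Embedding `UnimplementedRequestForwardingServer` in `forwardedRequestRPCServer` means a handler the struct does not define no longer fails the build; the call would instead resolve to the embedded stub, which in the generated code shown elsewhere in this diff returns `codes.Unimplemented`. The new `RequestForwardingServer` interface requires the embed through `mustEmbedUnimplementedRequestForwardingServer()`, so the field is needed, but it deserves a comment such as `// Embedded for forward compatibility with RequestForwardingServer; ForwardRequest, Echo and PerformanceStandbyElectionRequest must all be defined on this type`. A test that calls each of the three RPCs on this server would catch a method that is dropped or misspelled later. The struct continues outside the hunk.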
@@ -729,183 +725,3 @@ func file_vault_request_forwarding_service_proto_init() { file_vault_request_forwarding_service_proto_goTypes = nil file_vault_request_forwarding_service_proto_depIDxs = nil } - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConnInterface - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion6 - -// RequestForwardingClient is the client API for RequestForwarding service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type RequestForwardingClient interface { - ForwardRequest(ctx context.Context, in *forwarding.Request, opts ...grpc.CallOption) (*forwarding.Response, error) - Echo(ctx context.Context, in *EchoRequest, opts ...grpc.CallOption) (*EchoReply, error) - PerformanceStandbyElectionRequest(ctx context.Context, in *PerfStandbyElectionInput, opts ...grpc.CallOption) (RequestForwarding_PerformanceStandbyElectionRequestClient, error) -} - -type requestForwardingClient struct { - cc grpc.ClientConnInterface -} - -func NewRequestForwardingClient(cc grpc.ClientConnInterface) RequestForwardingClient { - return &requestForwardingClient{cc} -} - -func (c *requestForwardingClient) ForwardRequest(ctx context.Context, in *forwarding.Request, opts ...grpc.CallOption) (*forwarding.Response, error) { - out := new(forwarding.Response) - err := c.cc.Invoke(ctx, "/vault.RequestForwarding/ForwardRequest", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *requestForwardingClient) Echo(ctx context.Context, in *EchoRequest, opts ...grpc.CallOption) (*EchoReply, error) { - out := new(EchoReply) - err := c.cc.Invoke(ctx, "/vault.RequestForwarding/Echo", in, out, opts...) 
- if err != nil { - return nil, err - } - return out, nil -} - -func (c *requestForwardingClient) PerformanceStandbyElectionRequest(ctx context.Context, in *PerfStandbyElectionInput, opts ...grpc.CallOption) (RequestForwarding_PerformanceStandbyElectionRequestClient, error) { - stream, err := c.cc.NewStream(ctx, &_RequestForwarding_serviceDesc.Streams[0], "/vault.RequestForwarding/PerformanceStandbyElectionRequest", opts...) - if err != nil { - return nil, err - } - x := &requestForwardingPerformanceStandbyElectionRequestClient{stream} - if err := x.ClientStream.SendMsg(in); err != nil { - return nil, err - } - if err := x.ClientStream.CloseSend(); err != nil { - return nil, err - } - return x, nil -} - -type RequestForwarding_PerformanceStandbyElectionRequestClient interface { - Recv() (*PerfStandbyElectionResponse, error) - grpc.ClientStream -} - -type requestForwardingPerformanceStandbyElectionRequestClient struct { - grpc.ClientStream -} - -func (x *requestForwardingPerformanceStandbyElectionRequestClient) Recv() (*PerfStandbyElectionResponse, error) { - m := new(PerfStandbyElectionResponse) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} - -// RequestForwardingServer is the server API for RequestForwarding service. -type RequestForwardingServer interface { - ForwardRequest(context.Context, *forwarding.Request) (*forwarding.Response, error) - Echo(context.Context, *EchoRequest) (*EchoReply, error) - PerformanceStandbyElectionRequest(*PerfStandbyElectionInput, RequestForwarding_PerformanceStandbyElectionRequestServer) error -} - -// UnimplementedRequestForwardingServer can be embedded to have forward compatible implementations. 
-type UnimplementedRequestForwardingServer struct { -} - -func (*UnimplementedRequestForwardingServer) ForwardRequest(context.Context, *forwarding.Request) (*forwarding.Response, error) { - return nil, status.Errorf(codes.Unimplemented, "method ForwardRequest not implemented") -} -func (*UnimplementedRequestForwardingServer) Echo(context.Context, *EchoRequest) (*EchoReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method Echo not implemented") -} -func (*UnimplementedRequestForwardingServer) PerformanceStandbyElectionRequest(*PerfStandbyElectionInput, RequestForwarding_PerformanceStandbyElectionRequestServer) error { - return status.Errorf(codes.Unimplemented, "method PerformanceStandbyElectionRequest not implemented") -} - -func RegisterRequestForwardingServer(s *grpc.Server, srv RequestForwardingServer) { - s.RegisterService(&_RequestForwarding_serviceDesc, srv) -} - -func _RequestForwarding_ForwardRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(forwarding.Request) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(RequestForwardingServer).ForwardRequest(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/vault.RequestForwarding/ForwardRequest", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(RequestForwardingServer).ForwardRequest(ctx, req.(*forwarding.Request)) - } - return interceptor(ctx, in, info, handler) -} - -func _RequestForwarding_Echo_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(EchoRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(RequestForwardingServer).Echo(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: 
"/vault.RequestForwarding/Echo", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(RequestForwardingServer).Echo(ctx, req.(*EchoRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _RequestForwarding_PerformanceStandbyElectionRequest_Handler(srv interface{}, stream grpc.ServerStream) error { - m := new(PerfStandbyElectionInput) - if err := stream.RecvMsg(m); err != nil { - return err - } - return srv.(RequestForwardingServer).PerformanceStandbyElectionRequest(m, &requestForwardingPerformanceStandbyElectionRequestServer{stream}) -} - -type RequestForwarding_PerformanceStandbyElectionRequestServer interface { - Send(*PerfStandbyElectionResponse) error - grpc.ServerStream -} - -type requestForwardingPerformanceStandbyElectionRequestServer struct { - grpc.ServerStream -} - -func (x *requestForwardingPerformanceStandbyElectionRequestServer) Send(m *PerfStandbyElectionResponse) error { - return x.ServerStream.SendMsg(m) -} - -var _RequestForwarding_serviceDesc = grpc.ServiceDesc{ - ServiceName: "vault.RequestForwarding", - HandlerType: (*RequestForwardingServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "ForwardRequest", - Handler: _RequestForwarding_ForwardRequest_Handler, - }, - { - MethodName: "Echo", - Handler: _RequestForwarding_Echo_Handler, - }, - }, - Streams: []grpc.StreamDesc{ - { - StreamName: "PerformanceStandbyElectionRequest", - Handler: _RequestForwarding_PerformanceStandbyElectionRequest_Handler, - ServerStreams: true, - }, - }, - Metadata: "vault/request_forwarding_service.proto", -} diff --git a/vault/request_forwarding_service_grpc.pb.go b/vault/request_forwarding_service_grpc.pb.go new file mode 100644 index 000000000..9ff0c496a --- /dev/null +++ b/vault/request_forwarding_service_grpc.pb.go 
@@ -0,0 +1,202 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. + +package vault + +import ( + context "context" + forwarding "github.com/hashicorp/vault/helper/forwarding" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +// RequestForwardingClient is the client API for RequestForwarding service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type RequestForwardingClient interface { + ForwardRequest(ctx context.Context, in *forwarding.Request, opts ...grpc.CallOption) (*forwarding.Response, error) + Echo(ctx context.Context, in *EchoRequest, opts ...grpc.CallOption) (*EchoReply, error) + PerformanceStandbyElectionRequest(ctx context.Context, in *PerfStandbyElectionInput, opts ...grpc.CallOption) (RequestForwarding_PerformanceStandbyElectionRequestClient, error) +} + +type requestForwardingClient struct { + cc grpc.ClientConnInterface +} + +func NewRequestForwardingClient(cc grpc.ClientConnInterface) RequestForwardingClient { + return &requestForwardingClient{cc} +} + +func (c *requestForwardingClient) ForwardRequest(ctx context.Context, in *forwarding.Request, opts ...grpc.CallOption) (*forwarding.Response, error) { + out := new(forwarding.Response) + err := c.cc.Invoke(ctx, "/vault.RequestForwarding/ForwardRequest", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *requestForwardingClient) Echo(ctx context.Context, in *EchoRequest, opts ...grpc.CallOption) (*EchoReply, error) { + out := new(EchoReply) + err := c.cc.Invoke(ctx, "/vault.RequestForwarding/Echo", in, out, opts...) 
+ if err != nil { + return nil, err + } + return out, nil +} + +func (c *requestForwardingClient) PerformanceStandbyElectionRequest(ctx context.Context, in *PerfStandbyElectionInput, opts ...grpc.CallOption) (RequestForwarding_PerformanceStandbyElectionRequestClient, error) { + stream, err := c.cc.NewStream(ctx, &RequestForwarding_ServiceDesc.Streams[0], "/vault.RequestForwarding/PerformanceStandbyElectionRequest", opts...) + if err != nil { + return nil, err + } + x := &requestForwardingPerformanceStandbyElectionRequestClient{stream} + if err := x.ClientStream.SendMsg(in); err != nil { + return nil, err + } + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + return x, nil +} + +type RequestForwarding_PerformanceStandbyElectionRequestClient interface { + Recv() (*PerfStandbyElectionResponse, error) + grpc.ClientStream +} + +type requestForwardingPerformanceStandbyElectionRequestClient struct { + grpc.ClientStream +} + +func (x *requestForwardingPerformanceStandbyElectionRequestClient) Recv() (*PerfStandbyElectionResponse, error) { + m := new(PerfStandbyElectionResponse) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +// RequestForwardingServer is the server API for RequestForwarding service. +// All implementations must embed UnimplementedRequestForwardingServer +// for forward compatibility +type RequestForwardingServer interface { + ForwardRequest(context.Context, *forwarding.Request) (*forwarding.Response, error) + Echo(context.Context, *EchoRequest) (*EchoReply, error) + PerformanceStandbyElectionRequest(*PerfStandbyElectionInput, RequestForwarding_PerformanceStandbyElectionRequestServer) error + mustEmbedUnimplementedRequestForwardingServer() +} + +// UnimplementedRequestForwardingServer must be embedded to have forward compatible implementations. 
+type UnimplementedRequestForwardingServer struct { +} + +func (UnimplementedRequestForwardingServer) ForwardRequest(context.Context, *forwarding.Request) (*forwarding.Response, error) { + return nil, status.Errorf(codes.Unimplemented, "method ForwardRequest not implemented") +} +func (UnimplementedRequestForwardingServer) Echo(context.Context, *EchoRequest) (*EchoReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method Echo not implemented") +} +func (UnimplementedRequestForwardingServer) PerformanceStandbyElectionRequest(*PerfStandbyElectionInput, RequestForwarding_PerformanceStandbyElectionRequestServer) error { + return status.Errorf(codes.Unimplemented, "method PerformanceStandbyElectionRequest not implemented") +} +func (UnimplementedRequestForwardingServer) mustEmbedUnimplementedRequestForwardingServer() {} + +// UnsafeRequestForwardingServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to RequestForwardingServer will +// result in compilation errors. 
+type UnsafeRequestForwardingServer interface { + mustEmbedUnimplementedRequestForwardingServer() +} + +func RegisterRequestForwardingServer(s grpc.ServiceRegistrar, srv RequestForwardingServer) { + s.RegisterService(&RequestForwarding_ServiceDesc, srv) +} + +func _RequestForwarding_ForwardRequest_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(forwarding.Request) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(RequestForwardingServer).ForwardRequest(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/vault.RequestForwarding/ForwardRequest", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(RequestForwardingServer).ForwardRequest(ctx, req.(*forwarding.Request)) + } + return interceptor(ctx, in, info, handler) +} + +func _RequestForwarding_Echo_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(EchoRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(RequestForwardingServer).Echo(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/vault.RequestForwarding/Echo", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(RequestForwardingServer).Echo(ctx, req.(*EchoRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _RequestForwarding_PerformanceStandbyElectionRequest_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(PerfStandbyElectionInput) + if err := stream.RecvMsg(m); err != nil { + return err + } + return srv.(RequestForwardingServer).PerformanceStandbyElectionRequest(m, &requestForwardingPerformanceStandbyElectionRequestServer{stream}) +} + +type 
RequestForwarding_PerformanceStandbyElectionRequestServer interface { + Send(*PerfStandbyElectionResponse) error + grpc.ServerStream +} + +type requestForwardingPerformanceStandbyElectionRequestServer struct { + grpc.ServerStream +} + +func (x *requestForwardingPerformanceStandbyElectionRequestServer) Send(m *PerfStandbyElectionResponse) error { + return x.ServerStream.SendMsg(m) +} + +// RequestForwarding_ServiceDesc is the grpc.ServiceDesc for RequestForwarding service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var RequestForwarding_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "vault.RequestForwarding", + HandlerType: (*RequestForwardingServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "ForwardRequest", + Handler: _RequestForwarding_ForwardRequest_Handler, + }, + { + MethodName: "Echo", + Handler: _RequestForwarding_Echo_Handler, + }, + }, + Streams: []grpc.StreamDesc{ + { + StreamName: "PerformanceStandbyElectionRequest", + Handler: _RequestForwarding_PerformanceStandbyElectionRequest_Handler, + ServerStreams: true, + }, + }, + Metadata: "vault/request_forwarding_service.proto", +}