luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Restrict cert auth by CIDR (#4478)

This commit is contained in:
Becca Petrin 2018-05-09 15:39:55 -07:00 committed by GitHub
parent bbaf923a27
commit 76c717b081
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 441 additions and 179 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
builtin/credential/cert/backend_test.go
View File

@ -1033,6 +1033,132 @@ func TestBackend_untrusted(t *testing.T) {
})
}
func TestBackend_validCIDR(t *testing.T) {
config := logical.TestBackendConfig()
storage := &logical.InmemStorage{}
config.StorageView = storage
b, err := Factory(context.Background(), config)
if err != nil {
t.Fatal(err)
}
connState, err := testConnState("test-fixtures/keys/cert.pem",
"test-fixtures/keys/key.pem", "test-fixtures/root/rootcacert.pem")
if err != nil {
t.Fatalf("error testing connection state: %v", err)
}
ca, err := ioutil.ReadFile("test-fixtures/root/rootcacert.pem")
if err != nil {
t.Fatalf("err: %v", err)
}
name := "web"
addCertReq := &logical.Request{
Operation: logical.UpdateOperation,
Path: "certs/" + name,
Data: map[string]interface{}{
"certificate": string(ca),
"policies": "foo",
"display_name": name,
"allowed_names": "",
"required_extensions": "",
"lease": 1000,
"bound_cidrs": []string{"127.0.0.1/32", "128.252.0.0/16"},
},
Storage: storage,
Connection: &logical.Connection{ConnState: &connState},
}
_, err = b.HandleRequest(context.Background(), addCertReq)
if err != nil {
t.Fatal(err)
}
loginReq := &logical.Request{
Operation: logical.UpdateOperation,
Path: "login",
Unauthenticated: true,
Data: map[string]interface{}{
"name": name,
},
Storage: storage,
Connection: &logical.Connection{ConnState: &connState},
}
// override the remote address with an IPV4 that is authorized
loginReq.Connection.RemoteAddr = "127.0.0.1/32"
_, err = b.HandleRequest(context.Background(), loginReq)
if err != nil {
t.Fatal(err.Error())
}
}
func TestBackend_invalidCIDR(t *testing.T) {
config := logical.TestBackendConfig()
storage := &logical.InmemStorage{}
config.StorageView = storage
b, err := Factory(context.Background(), config)
if err != nil {
t.Fatal(err)
}
connState, err := testConnState("test-fixtures/keys/cert.pem",
"test-fixtures/keys/key.pem", "test-fixtures/root/rootcacert.pem")
if err != nil {
t.Fatalf("error testing connection state: %v", err)
}
ca, err := ioutil.ReadFile("test-fixtures/root/rootcacert.pem")
if err != nil {
t.Fatalf("err: %v", err)
}
name := "web"
addCertReq := &logical.Request{
Operation: logical.UpdateOperation,
Path: "certs/" + name,
Data: map[string]interface{}{
"certificate": string(ca),
"policies": "foo",
"display_name": name,
"allowed_names": "",
"required_extensions": "",
"lease": 1000,
"bound_cidrs": []string{"127.0.0.1/32", "128.252.0.0/16"},
},
Storage: storage,
Connection: &logical.Connection{ConnState: &connState},
}
_, err = b.HandleRequest(context.Background(), addCertReq)
if err != nil {
t.Fatal(err)
}
loginReq := &logical.Request{
Operation: logical.UpdateOperation,
Path: "login",
Unauthenticated: true,
Data: map[string]interface{}{
"name": name,
},
Storage: storage,
Connection: &logical.Connection{ConnState: &connState},
}
// override the remote address with an IPV4 that isn't authorized
loginReq.Connection.RemoteAddr = "127.0.0.1/8"
_, err = b.HandleRequest(context.Background(), loginReq)
if err == nil {
t.Fatal("expected \"ERROR: permission denied\"")
}
}
func testAccStepAddCRL(t *testing.T, crl []byte, connState tls.ConnectionState) logicaltest.TestStep {
return logicaltest.TestStep{
Operation: logical.UpdateOperation,

20
builtin/credential/cert/path_certs.go
View File

@ -7,6 +7,7 @@ import (
"strings"
"time"
"github.com/hashicorp/go-sockaddr"
"github.com/hashicorp/vault/helper/policyutil"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
@ -88,6 +89,11 @@ should never expire. The token should be renewed within the
duration specified by this value. At each renewal, the token's
TTL will be set to the value of this parameter.`,
},
"bound_cidrs": &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `Comma separated string or list of CIDR blocks. If set, specifies the blocks of
IP addresses which can perform the login operation.`,
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
@ -228,6 +234,18 @@ func (b *backend) pathCertWrite(ctx context.Context, req *logical.Request, d *fr
}
}
var parsedCIDRs []*sockaddr.SockAddrMarshaler
for _, v := range d.Get("bound_cidrs").([]string) {
parsedCIDR, err := sockaddr.NewSockAddr(v)
if err != nil {
if b.Logger().IsDebug() {
b.Logger().Debug(fmt.Sprintf("unable to parse %s as a cidr: %s", v, err))
}
return logical.ErrorResponse(fmt.Sprintf("unable to parse %s as a cidr", v)), logical.ErrInvalidRequest
}
parsedCIDRs = append(parsedCIDRs, &sockaddr.SockAddrMarshaler{parsedCIDR})
}
certEntry := &CertEntry{
Name: name,
Certificate: certificate,
@ -238,6 +256,7 @@ func (b *backend) pathCertWrite(ctx context.Context, req *logical.Request, d *fr
TTL: ttl,
MaxTTL: maxTTL,
Period: period,
BoundCIDRs: parsedCIDRs,
}
// Store it
@ -266,6 +285,7 @@ type CertEntry struct {
Period time.Duration
AllowedNames []string
RequiredExtensions []string
BoundCIDRs []*sockaddr.SockAddrMarshaler
}
const pathCertHelpSyn = `

18
builtin/credential/cert/path_login.go
View File

@ -17,6 +17,7 @@ import (
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
"github.com/hashicorp/vault/helper/cidrutil"
"github.com/ryanuber/go-glob"
)
@ -71,6 +72,10 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *fra
return nil, nil
}
if err := b.checkCIDR(matched.Entry, req); err != nil {
return nil, err
}
clientCerts := req.Connection.ConnState.PeerCertificates
if len(clientCerts) == 0 {
return logical.ErrorResponse("no client certificate found"), nil
@ -102,6 +107,7 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *fra
Alias: &logical.Alias{
Name: clientCerts[0].Subject.CommonName,
},
BoundCIDRs: matched.Entry.BoundCIDRs,
},
}
@ -153,6 +159,10 @@ func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *f
return nil, nil
}
if err := b.checkCIDR(cert, req); err != nil {
return nil, err
}
if !policyutil.EquivalentPolicies(cert.Policies, req.Auth.Policies) {
return nil, fmt.Errorf("policies have changed, not renewing")
}
@ -161,6 +171,7 @@ func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *f
resp.Auth.TTL = cert.TTL
resp.Auth.MaxTTL = cert.MaxTTL
resp.Auth.Period = cert.Period
resp.Auth.BoundCIDRs = cert.BoundCIDRs
return resp, nil
}
@ -372,6 +383,13 @@ func (b *backend) checkForValidChain(chains [][]*x509.Certificate) bool {
return false
}
func (b *backend) checkCIDR(cert *CertEntry, req *logical.Request) error {
if cidrutil.RemoteAddrIsOk(req.Connection.RemoteAddr, cert.BoundCIDRs) {
return nil
}
return logical.ErrPermissionDenied
}
// parsePEM parses a PEM encoded x509 certificate
func parsePEM(raw []byte) (certs []*x509.Certificate) {
for len(raw) > 0 {

24
helper/cidrutil/cidr.go
View File

@ -6,9 +6,33 @@ import (
"strings"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/go-sockaddr"
"github.com/hashicorp/vault/helper/strutil"
)
// RemoteAddrIsOk checks if the given remote address is either:
// - OK because there's no CIDR whitelist
// - OK because it's in the CIDR whitelist
func RemoteAddrIsOk(remoteAddr string, boundCIDRs []*sockaddr.SockAddrMarshaler) bool {
if len(boundCIDRs) == 0 {
// There's no CIDR whitelist.
return true
}
remoteSockAddr, err := sockaddr.NewSockAddr(remoteAddr)
if err != nil {
// Can't tell, err on the side of less access.
return false
}
for _, cidr := range boundCIDRs {
if cidr.Contains(remoteSockAddr) {
// Whitelisted.
return true
}
}
// Not whitelisted.
return false
}
// IPBelongsToCIDR checks if the given IP is encompassed by the given CIDR block
func IPBelongsToCIDR(ipAddr string, cidr string) (bool, error) {
if ipAddr == "" {

32
helper/cidrutil/cidr_test.go
View File

@ -1,6 +1,10 @@
package cidrutil
import "testing"
import (
"testing"
"github.com/hashicorp/go-sockaddr"
)
func TestCIDRUtil_IPBelongsToCIDR(t *testing.T) {
ip := "192.168.25.30"
@ -194,3 +198,29 @@ func TestCIDRUtil_SubsetBlocks(t *testing.T) {
t.Fatalf("expected CIDR blocks %q to not be a subset of CIDR blocks %q", cidrBlocks2, cidrBlocks1)
}
}
func TestCIDRUtil_RemoteAddrIsOk_NegativeTest(t *testing.T) {
addr, err := sockaddr.NewSockAddr("127.0.0.1/8")
if err != nil {
t.Fatal(err)
}
boundCIDRs := []*sockaddr.SockAddrMarshaler{
{addr},
}
if RemoteAddrIsOk("123.0.0.1", boundCIDRs) {
t.Fatal("remote address of 123.0.0.1/2 should not be allowed for 127.0.0.1/8")
}
}
func TestCIDRUtil_RemoteAddrIsOk_PositiveTest(t *testing.T) {
addr, err := sockaddr.NewSockAddr("127.0.0.1/8")
if err != nil {
t.Fatal(err)
}
boundCIDRs := []*sockaddr.SockAddrMarshaler{
{addr},
}
if !RemoteAddrIsOk("127.0.0.1", boundCIDRs) {
t.Fatal("remote address of 127.0.0.1 should be allowed for 127.0.0.1/8")
}
}

5
logical/auth.go
View File

@ -3,6 +3,8 @@ package logical
import (
"fmt"
"time"
"github.com/hashicorp/go-sockaddr"
)
// Auth is the resulting authentication information that is part of
@ -69,6 +71,9 @@ type Auth struct {
// mappings groups for the group aliases in identity store. For all the
// matching groups, the entity ID of the user will be added.
GroupAliases []*Alias `json:"group_aliases" mapstructure:"group_aliases" structs:"group_aliases"`
// The set of CIDRs that this token can be used with
BoundCIDRs []*sockaddr.SockAddrMarshaler `json:"bound_cidrs"`
}
func (a *Auth) GoString() string {

366
logical/plugin/pb/backend.pb.go
View File

@ -34,7 +34,7 @@ func (m *Empty) Reset() { *m = Empty{} }
func (m *Empty) String() string { return proto.CompactTextString(m) }
func (*Empty) ProtoMessage() {}
func (*Empty) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{0}
return fileDescriptor_backend_a4dea436a6c1c127, []int{0}
}
func (m *Empty) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Empty.Unmarshal(m, b)
@ -65,7 +65,7 @@ func (m *Header) Reset() { *m = Header{} }
func (m *Header) String() string { return proto.CompactTextString(m) }
func (*Header) ProtoMessage() {}
func (*Header) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{1}
return fileDescriptor_backend_a4dea436a6c1c127, []int{1}
}
func (m *Header) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Header.Unmarshal(m, b)
@ -116,7 +116,7 @@ func (m *ProtoError) Reset() { *m = ProtoError{} }
func (m *ProtoError) String() string { return proto.CompactTextString(m) }
func (*ProtoError) ProtoMessage() {}
func (*ProtoError) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{2}
return fileDescriptor_backend_a4dea436a6c1c127, []int{2}
}
func (m *ProtoError) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_ProtoError.Unmarshal(m, b)
@ -179,7 +179,7 @@ func (m *Paths) Reset() { *m = Paths{} }
func (m *Paths) String() string { return proto.CompactTextString(m) }
func (*Paths) ProtoMessage() {}
func (*Paths) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{3}
return fileDescriptor_backend_a4dea436a6c1c127, []int{3}
}
func (m *Paths) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Paths.Unmarshal(m, b)
@ -303,7 +303,7 @@ func (m *Request) Reset() { *m = Request{} }
func (m *Request) String() string { return proto.CompactTextString(m) }
func (*Request) ProtoMessage() {}
func (*Request) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{4}
return fileDescriptor_backend_a4dea436a6c1c127, []int{4}
}
func (m *Request) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Request.Unmarshal(m, b)
@ -480,7 +480,7 @@ func (m *Alias) Reset() { *m = Alias{} }
func (m *Alias) String() string { return proto.CompactTextString(m) }
func (*Alias) ProtoMessage() {}
func (*Alias) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{5}
return fileDescriptor_backend_a4dea436a6c1c127, []int{5}
}
func (m *Alias) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Alias.Unmarshal(m, b)
@ -567,7 +567,10 @@ type Auth struct {
// authenticated user belongs to. This is used to check if there are
// mappings groups for the group aliases in identity store. For all the
// matching groups, the entity ID of the user will be added.
GroupAliases []*Alias `sentinel:"" protobuf:"bytes,12,rep,name=group_aliases,json=groupAliases" json:"group_aliases,omitempty"`
GroupAliases []*Alias `sentinel:"" protobuf:"bytes,12,rep,name=group_aliases,json=groupAliases" json:"group_aliases,omitempty"`
// If set, restricts usage of the certificates to client IPs falling within
// the range of the specified CIDR(s).
BoundCidrs []string `sentinel:"" protobuf:"bytes,13,rep,name=bound_cidrs,json=boundCidrs" json:"bound_cidrs,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
@ -577,7 +580,7 @@ func (m *Auth) Reset() { *m = Auth{} }
func (m *Auth) String() string { return proto.CompactTextString(m) }
func (*Auth) ProtoMessage() {}
func (*Auth) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{6}
return fileDescriptor_backend_a4dea436a6c1c127, []int{6}
}
func (m *Auth) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Auth.Unmarshal(m, b)
@ -681,6 +684,13 @@ func (m *Auth) GetGroupAliases() []*Alias {
return nil
}
func (m *Auth) GetBoundCidrs() []string {
if m != nil {
return m.BoundCidrs
}
return nil
}
type LeaseOptions struct {
TTL int64 `sentinel:"" protobuf:"varint,1,opt,name=TTL" json:"TTL,omitempty"`
Renewable bool `sentinel:"" protobuf:"varint,2,opt,name=renewable" json:"renewable,omitempty"`
@ -696,7 +706,7 @@ func (m *LeaseOptions) Reset() { *m = LeaseOptions{} }
func (m *LeaseOptions) String() string { return proto.CompactTextString(m) }
func (*LeaseOptions) ProtoMessage() {}
func (*LeaseOptions) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{7}
return fileDescriptor_backend_a4dea436a6c1c127, []int{7}
}
func (m *LeaseOptions) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_LeaseOptions.Unmarshal(m, b)
@ -770,7 +780,7 @@ func (m *Secret) Reset() { *m = Secret{} }
func (m *Secret) String() string { return proto.CompactTextString(m) }
func (*Secret) ProtoMessage() {}
func (*Secret) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{8}
return fileDescriptor_backend_a4dea436a6c1c127, []int{8}
}
func (m *Secret) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Secret.Unmarshal(m, b)
@ -841,7 +851,7 @@ func (m *Response) Reset() { *m = Response{} }
func (m *Response) String() string { return proto.CompactTextString(m) }
func (*Response) ProtoMessage() {}
func (*Response) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{9}
return fileDescriptor_backend_a4dea436a6c1c127, []int{9}
}
func (m *Response) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Response.Unmarshal(m, b)
@ -936,7 +946,7 @@ func (m *ResponseWrapInfo) Reset() { *m = ResponseWrapInfo{} }
func (m *ResponseWrapInfo) String() string { return proto.CompactTextString(m) }
func (*ResponseWrapInfo) ProtoMessage() {}
func (*ResponseWrapInfo) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{10}
return fileDescriptor_backend_a4dea436a6c1c127, []int{10}
}
func (m *ResponseWrapInfo) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_ResponseWrapInfo.Unmarshal(m, b)
@ -1038,7 +1048,7 @@ func (m *RequestWrapInfo) Reset() { *m = RequestWrapInfo{} }
func (m *RequestWrapInfo) String() string { return proto.CompactTextString(m) }
func (*RequestWrapInfo) ProtoMessage() {}
func (*RequestWrapInfo) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{11}
return fileDescriptor_backend_a4dea436a6c1c127, []int{11}
}
func (m *RequestWrapInfo) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_RequestWrapInfo.Unmarshal(m, b)
@ -1092,7 +1102,7 @@ func (m *HandleRequestArgs) Reset() { *m = HandleRequestArgs{} }
func (m *HandleRequestArgs) String() string { return proto.CompactTextString(m) }
func (*HandleRequestArgs) ProtoMessage() {}
func (*HandleRequestArgs) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{12}
return fileDescriptor_backend_a4dea436a6c1c127, []int{12}
}
func (m *HandleRequestArgs) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_HandleRequestArgs.Unmarshal(m, b)
@ -1139,7 +1149,7 @@ func (m *HandleRequestReply) Reset() { *m = HandleRequestReply{} }
func (m *HandleRequestReply) String() string { return proto.CompactTextString(m) }
func (*HandleRequestReply) ProtoMessage() {}
func (*HandleRequestReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{13}
return fileDescriptor_backend_a4dea436a6c1c127, []int{13}
}
func (m *HandleRequestReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_HandleRequestReply.Unmarshal(m, b)
@ -1185,7 +1195,7 @@ func (m *SpecialPathsReply) Reset() { *m = SpecialPathsReply{} }
func (m *SpecialPathsReply) String() string { return proto.CompactTextString(m) }
func (*SpecialPathsReply) ProtoMessage() {}
func (*SpecialPathsReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{14}
return fileDescriptor_backend_a4dea436a6c1c127, []int{14}
}
func (m *SpecialPathsReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_SpecialPathsReply.Unmarshal(m, b)
@ -1225,7 +1235,7 @@ func (m *HandleExistenceCheckArgs) Reset() { *m = HandleExistenceCheckAr
func (m *HandleExistenceCheckArgs) String() string { return proto.CompactTextString(m) }
func (*HandleExistenceCheckArgs) ProtoMessage() {}
func (*HandleExistenceCheckArgs) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{15}
return fileDescriptor_backend_a4dea436a6c1c127, []int{15}
}
func (m *HandleExistenceCheckArgs) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_HandleExistenceCheckArgs.Unmarshal(m, b)
@ -1273,7 +1283,7 @@ func (m *HandleExistenceCheckReply) Reset() { *m = HandleExistenceCheckR
func (m *HandleExistenceCheckReply) String() string { return proto.CompactTextString(m) }
func (*HandleExistenceCheckReply) ProtoMessage() {}
func (*HandleExistenceCheckReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{16}
return fileDescriptor_backend_a4dea436a6c1c127, []int{16}
}
func (m *HandleExistenceCheckReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_HandleExistenceCheckReply.Unmarshal(m, b)
@ -1328,7 +1338,7 @@ func (m *SetupArgs) Reset() { *m = SetupArgs{} }
func (m *SetupArgs) String() string { return proto.CompactTextString(m) }
func (*SetupArgs) ProtoMessage() {}
func (*SetupArgs) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{17}
return fileDescriptor_backend_a4dea436a6c1c127, []int{17}
}
func (m *SetupArgs) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_SetupArgs.Unmarshal(m, b)
@ -1381,7 +1391,7 @@ func (m *SetupReply) Reset() { *m = SetupReply{} }
func (m *SetupReply) String() string { return proto.CompactTextString(m) }
func (*SetupReply) ProtoMessage() {}
func (*SetupReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{18}
return fileDescriptor_backend_a4dea436a6c1c127, []int{18}
}
func (m *SetupReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_SetupReply.Unmarshal(m, b)
@ -1420,7 +1430,7 @@ func (m *TypeReply) Reset() { *m = TypeReply{} }
func (m *TypeReply) String() string { return proto.CompactTextString(m) }
func (*TypeReply) ProtoMessage() {}
func (*TypeReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{19}
return fileDescriptor_backend_a4dea436a6c1c127, []int{19}
}
func (m *TypeReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_TypeReply.Unmarshal(m, b)
@ -1458,7 +1468,7 @@ func (m *InvalidateKeyArgs) Reset() { *m = InvalidateKeyArgs{} }
func (m *InvalidateKeyArgs) String() string { return proto.CompactTextString(m) }
func (*InvalidateKeyArgs) ProtoMessage() {}
func (*InvalidateKeyArgs) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{20}
return fileDescriptor_backend_a4dea436a6c1c127, []int{20}
}
func (m *InvalidateKeyArgs) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_InvalidateKeyArgs.Unmarshal(m, b)
@ -1498,7 +1508,7 @@ func (m *StorageEntry) Reset() { *m = StorageEntry{} }
func (m *StorageEntry) String() string { return proto.CompactTextString(m) }
func (*StorageEntry) ProtoMessage() {}
func (*StorageEntry) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{21}
return fileDescriptor_backend_a4dea436a6c1c127, []int{21}
}
func (m *StorageEntry) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_StorageEntry.Unmarshal(m, b)
@ -1550,7 +1560,7 @@ func (m *StorageListArgs) Reset() { *m = StorageListArgs{} }
func (m *StorageListArgs) String() string { return proto.CompactTextString(m) }
func (*StorageListArgs) ProtoMessage() {}
func (*StorageListArgs) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{22}
return fileDescriptor_backend_a4dea436a6c1c127, []int{22}
}
func (m *StorageListArgs) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_StorageListArgs.Unmarshal(m, b)
@ -1589,7 +1599,7 @@ func (m *StorageListReply) Reset() { *m = StorageListReply{} }
func (m *StorageListReply) String() string { return proto.CompactTextString(m) }
func (*StorageListReply) ProtoMessage() {}
func (*StorageListReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{23}
return fileDescriptor_backend_a4dea436a6c1c127, []int{23}
}
func (m *StorageListReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_StorageListReply.Unmarshal(m, b)
@ -1634,7 +1644,7 @@ func (m *StorageGetArgs) Reset() { *m = StorageGetArgs{} }
func (m *StorageGetArgs) String() string { return proto.CompactTextString(m) }
func (*StorageGetArgs) ProtoMessage() {}
func (*StorageGetArgs) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{24}
return fileDescriptor_backend_a4dea436a6c1c127, []int{24}
}
func (m *StorageGetArgs) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_StorageGetArgs.Unmarshal(m, b)
@ -1673,7 +1683,7 @@ func (m *StorageGetReply) Reset() { *m = StorageGetReply{} }
func (m *StorageGetReply) String() string { return proto.CompactTextString(m) }
func (*StorageGetReply) ProtoMessage() {}
func (*StorageGetReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{25}
return fileDescriptor_backend_a4dea436a6c1c127, []int{25}
}
func (m *StorageGetReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_StorageGetReply.Unmarshal(m, b)
@ -1718,7 +1728,7 @@ func (m *StoragePutArgs) Reset() { *m = StoragePutArgs{} }
func (m *StoragePutArgs) String() string { return proto.CompactTextString(m) }
func (*StoragePutArgs) ProtoMessage() {}
func (*StoragePutArgs) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{26}
return fileDescriptor_backend_a4dea436a6c1c127, []int{26}
}
func (m *StoragePutArgs) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_StoragePutArgs.Unmarshal(m, b)
@ -1756,7 +1766,7 @@ func (m *StoragePutReply) Reset() { *m = StoragePutReply{} }
func (m *StoragePutReply) String() string { return proto.CompactTextString(m) }
func (*StoragePutReply) ProtoMessage() {}
func (*StoragePutReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{27}
return fileDescriptor_backend_a4dea436a6c1c127, []int{27}
}
func (m *StoragePutReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_StoragePutReply.Unmarshal(m, b)
@ -1794,7 +1804,7 @@ func (m *StorageDeleteArgs) Reset() { *m = StorageDeleteArgs{} }
func (m *StorageDeleteArgs) String() string { return proto.CompactTextString(m) }
func (*StorageDeleteArgs) ProtoMessage() {}
func (*StorageDeleteArgs) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{28}
return fileDescriptor_backend_a4dea436a6c1c127, []int{28}
}
func (m *StorageDeleteArgs) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_StorageDeleteArgs.Unmarshal(m, b)
@ -1832,7 +1842,7 @@ func (m *StorageDeleteReply) Reset() { *m = StorageDeleteReply{} }
func (m *StorageDeleteReply) String() string { return proto.CompactTextString(m) }
func (*StorageDeleteReply) ProtoMessage() {}
func (*StorageDeleteReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{29}
return fileDescriptor_backend_a4dea436a6c1c127, []int{29}
}
func (m *StorageDeleteReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_StorageDeleteReply.Unmarshal(m, b)
@ -1870,7 +1880,7 @@ func (m *TTLReply) Reset() { *m = TTLReply{} }
func (m *TTLReply) String() string { return proto.CompactTextString(m) }
func (*TTLReply) ProtoMessage() {}
func (*TTLReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{30}
return fileDescriptor_backend_a4dea436a6c1c127, []int{30}
}
func (m *TTLReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_TTLReply.Unmarshal(m, b)
@ -1909,7 +1919,7 @@ func (m *SudoPrivilegeArgs) Reset() { *m = SudoPrivilegeArgs{} }
func (m *SudoPrivilegeArgs) String() string { return proto.CompactTextString(m) }
func (*SudoPrivilegeArgs) ProtoMessage() {}
func (*SudoPrivilegeArgs) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{31}
return fileDescriptor_backend_a4dea436a6c1c127, []int{31}
}
func (m *SudoPrivilegeArgs) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_SudoPrivilegeArgs.Unmarshal(m, b)
@ -1954,7 +1964,7 @@ func (m *SudoPrivilegeReply) Reset() { *m = SudoPrivilegeReply{} }
func (m *SudoPrivilegeReply) String() string { return proto.CompactTextString(m) }
func (*SudoPrivilegeReply) ProtoMessage() {}
func (*SudoPrivilegeReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{32}
return fileDescriptor_backend_a4dea436a6c1c127, []int{32}
}
func (m *SudoPrivilegeReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_SudoPrivilegeReply.Unmarshal(m, b)
@ -1992,7 +2002,7 @@ func (m *TaintedReply) Reset() { *m = TaintedReply{} }
func (m *TaintedReply) String() string { return proto.CompactTextString(m) }
func (*TaintedReply) ProtoMessage() {}
func (*TaintedReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{33}
return fileDescriptor_backend_a4dea436a6c1c127, []int{33}
}
func (m *TaintedReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_TaintedReply.Unmarshal(m, b)
@ -2030,7 +2040,7 @@ func (m *CachingDisabledReply) Reset() { *m = CachingDisabledReply{} }
func (m *CachingDisabledReply) String() string { return proto.CompactTextString(m) }
func (*CachingDisabledReply) ProtoMessage() {}
func (*CachingDisabledReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{34}
return fileDescriptor_backend_a4dea436a6c1c127, []int{34}
}
func (m *CachingDisabledReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_CachingDisabledReply.Unmarshal(m, b)
@ -2068,7 +2078,7 @@ func (m *ReplicationStateReply) Reset() { *m = ReplicationStateReply{} }
func (m *ReplicationStateReply) String() string { return proto.CompactTextString(m) }
func (*ReplicationStateReply) ProtoMessage() {}
func (*ReplicationStateReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{35}
return fileDescriptor_backend_a4dea436a6c1c127, []int{35}
}
func (m *ReplicationStateReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_ReplicationStateReply.Unmarshal(m, b)
@ -2108,7 +2118,7 @@ func (m *ResponseWrapDataArgs) Reset() { *m = ResponseWrapDataArgs{} }
func (m *ResponseWrapDataArgs) String() string { return proto.CompactTextString(m) }
func (*ResponseWrapDataArgs) ProtoMessage() {}
func (*ResponseWrapDataArgs) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{36}
return fileDescriptor_backend_a4dea436a6c1c127, []int{36}
}
func (m *ResponseWrapDataArgs) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_ResponseWrapDataArgs.Unmarshal(m, b)
@ -2161,7 +2171,7 @@ func (m *ResponseWrapDataReply) Reset() { *m = ResponseWrapDataReply{} }
func (m *ResponseWrapDataReply) String() string { return proto.CompactTextString(m) }
func (*ResponseWrapDataReply) ProtoMessage() {}
func (*ResponseWrapDataReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{37}
return fileDescriptor_backend_a4dea436a6c1c127, []int{37}
}
func (m *ResponseWrapDataReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_ResponseWrapDataReply.Unmarshal(m, b)
@ -2206,7 +2216,7 @@ func (m *MlockEnabledReply) Reset() { *m = MlockEnabledReply{} }
func (m *MlockEnabledReply) String() string { return proto.CompactTextString(m) }
func (*MlockEnabledReply) ProtoMessage() {}
func (*MlockEnabledReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{38}
return fileDescriptor_backend_a4dea436a6c1c127, []int{38}
}
func (m *MlockEnabledReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MlockEnabledReply.Unmarshal(m, b)
@ -2244,7 +2254,7 @@ func (m *LocalMountReply) Reset() { *m = LocalMountReply{} }
func (m *LocalMountReply) String() string { return proto.CompactTextString(m) }
func (*LocalMountReply) ProtoMessage() {}
func (*LocalMountReply) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{39}
return fileDescriptor_backend_a4dea436a6c1c127, []int{39}
}
func (m *LocalMountReply) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_LocalMountReply.Unmarshal(m, b)
@ -2283,7 +2293,7 @@ func (m *Connection) Reset() { *m = Connection{} }
func (m *Connection) String() string { return proto.CompactTextString(m) }
func (*Connection) ProtoMessage() {}
func (*Connection) Descriptor() ([]byte, []int) {
return fileDescriptor_backend_bf8da362534328ce, []int{40}
return fileDescriptor_backend_a4dea436a6c1c127, []int{40}
}
func (m *Connection) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Connection.Unmarshal(m, b)
@ -3215,141 +3225,143 @@ var _SystemView_serviceDesc = grpc.ServiceDesc{
}
func init() {
proto.RegisterFile("logical/plugin/pb/backend.proto", fileDescriptor_backend_bf8da362534328ce)
proto.RegisterFile("logical/plugin/pb/backend.proto", fileDescriptor_backend_a4dea436a6c1c127)
}
var fileDescriptor_backend_bf8da362534328ce = []byte{
// 2112 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x58, 0x5b, 0x6f, 0xdb, 0xc8,
0x15, 0x86, 0x24, 0x4b, 0xa2, 0x8e, 0x24, 0x5f, 0x26, 0x4e, 0xca, 0x28, 0xd9, 0x5a, 0xe5, 0x22,
0x59, 0x6d, 0xd0, 0xc8, 0x89, 0x7a, 0xcb, 0xb6, 0xd8, 0x2d, 0x5c, 0xdb, 0x9b, 0x75, 0xd7, 0xde,
0x35, 0x68, 0xa7, 0xdb, 0xa2, 0x05, 0xb4, 0x63, 0xf2, 0x58, 0x26, 0x4c, 0x91, 0xec, 0x70, 0x68,
0x47, 0x4f, 0xfd, 0x17, 0xfd, 0x1b, 0x7d, 0xed, 0x5b, 0x5f, 0x0b, 0xf4, 0xb9, 0xbf, 0xa0, 0xef,
0x7d, 0xe8, 0x2f, 0x28, 0xe6, 0x42, 0x6a, 0x28, 0xc9, 0x4d, 0x0a, 0xb4, 0x6f, 0x73, 0x2e, 0x33,
0xe7, 0xc2, 0x73, 0xbe, 0x33, 0x43, 0xd8, 0x09, 0xe3, 0x49, 0xe0, 0xd1, 0x70, 0x37, 0x09, 0xb3,
0x49, 0x10, 0xed, 0x26, 0x17, 0xbb, 0x17, 0xd4, 0xbb, 0xc6, 0xc8, 0x1f, 0x26, 0x2c, 0xe6, 0x31,
0xa9, 0x26, 0x17, 0xbd, 0x9d, 0x49, 0x1c, 0x4f, 0x42, 0xdc, 0x95, 0x9c, 0x8b, 0xec, 0x72, 0x97,
0x07, 0x53, 0x4c, 0x39, 0x9d, 0x26, 0x4a, 0xc9, 0x69, 0x42, 0xfd, 0x70, 0x9a, 0xf0, 0x99, 0xd3,
0x87, 0xc6, 0x17, 0x48, 0x7d, 0x64, 0xe4, 0x01, 0x34, 0xae, 0xe4, 0xca, 0xae, 0xf4, 0x6b, 0x83,
0x96, 0xab, 0x29, 0xe7, 0xb7, 0x00, 0xa7, 0x62, 0xcf, 0x21, 0x63, 0x31, 0x23, 0x0f, 0xc1, 0x42,
0xc6, 0xc6, 0x7c, 0x96, 0xa0, 0x5d, 0xe9, 0x57, 0x06, 0x5d, 0xb7, 0x89, 0x8c, 0x9d, 0xcf, 0x12,
0x24, 0xdf, 0x01, 0xb1, 0x1c, 0x4f, 0xd3, 0x89, 0x5d, 0xed, 0x57, 0xc4, 0x09, 0xc8, 0xd8, 0x49,
0x3a, 0xc9, 0xf7, 0x78, 0xb1, 0x8f, 0x76, 0xad, 0x5f, 0x19, 0xd4, 0xe4, 0x9e, 0xfd, 0xd8, 0x47,
0xe7, 0x8f, 0x15, 0xa8, 0x9f, 0x52, 0x7e, 0x95, 0x12, 0x02, 0x6b, 0x2c, 0x8e, 0xb9, 0x36, 0x2e,
0xd7, 0x64, 0x00, 0x1b, 0x59, 0x44, 0x33, 0x7e, 0x85, 0x11, 0x0f, 0x3c, 0xca, 0xd1, 0xb7, 0xab,
0x52, 0xbc, 0xc8, 0x26, 0x1f, 0x42, 0x37, 0x8c, 0x3d, 0x1a, 0x8e, 0x53, 0x1e, 0x33, 0x3a, 0x11,
0x76, 0x84, 0x5e, 0x47, 0x32, 0xcf, 0x14, 0x8f, 0x3c, 0x83, 0xad, 0x14, 0x69, 0x38, 0xbe, 0x65,
0x34, 0x29, 0x14, 0xd7, 0xd4, 0x81, 0x42, 0xf0, 0x0d, 0xa3, 0x89, 0xd6, 0x75, 0xfe, 0xd2, 0x80,
0xa6, 0x8b, 0xbf, 0xcf, 0x30, 0xe5, 0x64, 0x1d, 0xaa, 0x81, 0x2f, 0xa3, 0x6d, 0xb9, 0xd5, 0xc0,
0x27, 0x43, 0x20, 0x2e, 0x26, 0xa1, 0x30, 0x1d, 0xc4, 0xd1, 0x7e, 0x98, 0xa5, 0x1c, 0x99, 0x8e,
0x79, 0x85, 0x84, 0x3c, 0x86, 0x56, 0x9c, 0x20, 0x93, 0x3c, 0x99, 0x80, 0x96, 0x3b, 0x67, 0x88,
0xc0, 0x13, 0xca, 0xaf, 0xec, 0x35, 0x29, 0x90, 0x6b, 0xc1, 0xf3, 0x29, 0xa7, 0x76, 0x5d, 0xf1,
0xc4, 0x9a, 0x38, 0xd0, 0x48, 0xd1, 0x63, 0xc8, 0xed, 0x46, 0xbf, 0x32, 0x68, 0x8f, 0x60, 0x98,
0x5c, 0x0c, 0xcf, 0x24, 0xc7, 0xd5, 0x12, 0xf2, 0x18, 0xd6, 0x44, 0x5e, 0xec, 0xa6, 0xd4, 0xb0,
0x84, 0xc6, 0x5e, 0xc6, 0xaf, 0x5c, 0xc9, 0x25, 0x23, 0x68, 0xaa, 0x6f, 0x9a, 0xda, 0x56, 0xbf,
0x36, 0x68, 0x8f, 0x6c, 0xa1, 0xa0, 0xa3, 0x1c, 0xaa, 0x32, 0x48, 0x0f, 0x23, 0xce, 0x66, 0x6e,
0xae, 0x48, 0xbe, 0x07, 0x1d, 0x2f, 0x0c, 0x30, 0xe2, 0x63, 0x1e, 0x5f, 0x63, 0x64, 0xb7, 0xa4,
0x47, 0x6d, 0xc5, 0x3b, 0x17, 0x2c, 0x32, 0x82, 0xfb, 0xa6, 0xca, 0x98, 0x7a, 0x1e, 0xa6, 0x69,
0xcc, 0x6c, 0x90, 0xba, 0xf7, 0x0c, 0xdd, 0x3d, 0x2d, 0x12, 0xc7, 0xfa, 0x41, 0x9a, 0x84, 0x74,
0x36, 0x8e, 0xe8, 0x14, 0xed, 0xb6, 0x3a, 0x56, 0xf3, 0xbe, 0xa2, 0x53, 0x24, 0x3b, 0xd0, 0x9e,
0xc6, 0x59, 0xc4, 0xc7, 0x49, 0x1c, 0x44, 0xdc, 0xee, 0x48, 0x0d, 0x90, 0xac, 0x53, 0xc1, 0x21,
0x1f, 0x80, 0xa2, 0x54, 0x31, 0x76, 0x55, 0x5e, 0x25, 0x47, 0x96, 0xe3, 0x13, 0x58, 0x57, 0xe2,
0xc2, 0x9f, 0x75, 0xa9, 0xd2, 0x95, 0xdc, 0xc2, 0x93, 0x17, 0xd0, 0x92, 0xf5, 0x10, 0x44, 0x97,
0xb1, 0xbd, 0x21, 0xf3, 0x76, 0xcf, 0x48, 0x8b, 0xa8, 0x89, 0xa3, 0xe8, 0x32, 0x76, 0xad, 0x5b,
0xbd, 0x22, 0x9f, 0xc2, 0xa3, 0x52, 0xbc, 0x0c, 0xa7, 0x34, 0x88, 0x82, 0x68, 0x32, 0xce, 0x52,
0x4c, 0xed, 0x4d, 0x59, 0xe1, 0xb6, 0x11, 0xb5, 0x9b, 0x2b, 0xbc, 0x49, 0x31, 0x25, 0x8f, 0xa0,
0x25, 0xea, 0x96, 0xcf, 0xc6, 0x81, 0x6f, 0x6f, 0x49, 0x97, 0x2c, 0xc5, 0x38, 0xf2, 0xc9, 0x47,
0xb0, 0x91, 0xc4, 0x61, 0xe0, 0xcd, 0xc6, 0xf1, 0x0d, 0x32, 0x16, 0xf8, 0x68, 0x93, 0x7e, 0x65,
0x60, 0xb9, 0xeb, 0x8a, 0xfd, 0xb5, 0xe6, 0xae, 0x6a, 0x8d, 0x7b, 0x52, 0x71, 0xa9, 0x35, 0x86,
0x00, 0x5e, 0x1c, 0x45, 0xe8, 0xc9, 0xf2, 0xdb, 0x96, 0x11, 0xae, 0x8b, 0x08, 0xf7, 0x0b, 0xae,
0x6b, 0x68, 0xf4, 0x3e, 0x87, 0x8e, 0x59, 0x0a, 0x64, 0x13, 0x6a, 0xd7, 0x38, 0xd3, 0xe5, 0x2f,
0x96, 0xa4, 0x0f, 0xf5, 0x1b, 0x1a, 0x66, 0x28, 0x4b, 0x5e, 0x17, 0xa2, 0xda, 0xe2, 0x2a, 0xc1,
0x4f, 0xab, 0xaf, 0x2a, 0x0e, 0x85, 0xfa, 0x5e, 0x18, 0xd0, 0x74, 0xe1, 0x3b, 0x55, 0xde, 0xfd,
0x9d, 0xaa, 0xab, 0xbe, 0x13, 0x81, 0x35, 0x59, 0x29, 0xaa, 0x7f, 0xe4, 0xda, 0xf9, 0x57, 0x0d,
0xd6, 0x44, 0x7d, 0x93, 0x1f, 0x41, 0x37, 0x44, 0x9a, 0xe2, 0x38, 0x4e, 0x44, 0x0c, 0xa9, 0xb4,
0xd2, 0x1e, 0x6d, 0x0a, 0xcf, 0x8e, 0x85, 0xe0, 0x6b, 0xc5, 0x77, 0x3b, 0xa1, 0x41, 0x09, 0xd4,
0x08, 0x22, 0x8e, 0x2c, 0xa2, 0xe1, 0x58, 0xf6, 0x9b, 0xb2, 0xdc, 0xc9, 0x99, 0x07, 0xa2, 0xef,
0x16, 0x4b, 0xb5, 0xb6, 0x5c, 0xaa, 0x3d, 0xb0, 0xe4, 0xe7, 0x09, 0x30, 0xd5, 0x78, 0x52, 0xd0,
0x64, 0x04, 0xd6, 0x14, 0x39, 0xd5, 0xed, 0x2c, 0xba, 0xee, 0x41, 0xde, 0x96, 0xc3, 0x13, 0x2d,
0x50, 0x3d, 0x57, 0xe8, 0x2d, 0x35, 0x5d, 0x63, 0xb9, 0xe9, 0x7a, 0x60, 0x15, 0xf9, 0x6a, 0xaa,
0x22, 0xca, 0x69, 0x81, 0xe4, 0x09, 0xb2, 0x20, 0xf6, 0x6d, 0x4b, 0xd6, 0xa2, 0xa6, 0x04, 0x0e,
0x47, 0xd9, 0x54, 0x55, 0x69, 0x4b, 0xe1, 0x70, 0x94, 0x4d, 0x97, 0x8b, 0x12, 0x16, 0x8a, 0x72,
0x07, 0xea, 0x54, 0x7c, 0x49, 0xd9, 0xa5, 0xed, 0x51, 0x4b, 0xfa, 0x2f, 0x18, 0xae, 0xe2, 0x93,
0x21, 0x74, 0x27, 0x2c, 0xce, 0x92, 0xb1, 0x24, 0x31, 0xb5, 0x3b, 0x32, 0x50, 0x43, 0xb1, 0x23,
0xe5, 0x7b, 0x4a, 0xdc, 0xfb, 0x19, 0x74, 0x4b, 0xa1, 0xaf, 0xa8, 0xb1, 0x6d, 0xb3, 0xc6, 0x5a,
0x66, 0x5d, 0xfd, 0xa9, 0x02, 0x1d, 0xf3, 0x9b, 0x8a, 0xcd, 0xe7, 0xe7, 0xc7, 0x72, 0x73, 0xcd,
0x15, 0x4b, 0x01, 0xb8, 0x0c, 0x23, 0xbc, 0xa5, 0x17, 0xa1, 0x3a, 0xc0, 0x72, 0xe7, 0x0c, 0x21,
0x0d, 0x22, 0x8f, 0xe1, 0x14, 0x23, 0xae, 0xe7, 0xd1, 0x9c, 0x41, 0x3e, 0x01, 0x08, 0xd2, 0x34,
0xc3, 0xb1, 0x18, 0x99, 0x12, 0x94, 0xdb, 0xa3, 0xde, 0x50, 0xcd, 0xd3, 0x61, 0x3e, 0x4f, 0x87,
0xe7, 0xf9, 0x3c, 0x75, 0x5b, 0x52, 0x5b, 0xd0, 0x22, 0xef, 0x27, 0xf4, 0xad, 0xf0, 0xa5, 0xae,
0xf2, 0xae, 0x28, 0xe7, 0x0f, 0xd0, 0x50, 0x38, 0xfd, 0x7f, 0xad, 0xd3, 0x87, 0x60, 0xa9, 0xb3,
0x03, 0x5f, 0xd7, 0x68, 0x53, 0xd2, 0x47, 0xbe, 0xf3, 0xb7, 0x0a, 0x58, 0x2e, 0xa6, 0x49, 0x1c,
0xa5, 0x68, 0xcc, 0x91, 0xca, 0x3b, 0xe7, 0x48, 0x75, 0xe5, 0x1c, 0xc9, 0xa7, 0x53, 0xcd, 0x98,
0x4e, 0x3d, 0xb0, 0x18, 0xfa, 0x01, 0x43, 0x8f, 0xeb, 0x49, 0x56, 0xd0, 0x42, 0x76, 0x4b, 0x99,
0x00, 0xc0, 0x54, 0xb6, 0x40, 0xcb, 0x2d, 0x68, 0xf2, 0xd2, 0x84, 0x5f, 0x35, 0xd8, 0xb6, 0x15,
0xfc, 0x2a, 0x77, 0x97, 0xf1, 0xd7, 0xf9, 0x6b, 0x15, 0x36, 0x17, 0xc5, 0x2b, 0x8a, 0x60, 0x1b,
0xea, 0xaa, 0x7b, 0x74, 0x05, 0xf1, 0xa5, 0xbe, 0xa9, 0x2d, 0xf4, 0xcd, 0xcf, 0xa1, 0xeb, 0x31,
0x94, 0x53, 0xf9, 0x7d, 0xbf, 0x7e, 0x27, 0xdf, 0x20, 0x0b, 0xe0, 0x63, 0xd8, 0x14, 0x5e, 0x26,
0xe8, 0xcf, 0xc1, 0x4c, 0x8d, 0xf0, 0x0d, 0xcd, 0x2f, 0xe0, 0xec, 0x19, 0x6c, 0xe5, 0xaa, 0xf3,
0xc6, 0x6b, 0x94, 0x74, 0x0f, 0xf3, 0xfe, 0x7b, 0x00, 0x8d, 0xcb, 0x98, 0x4d, 0x29, 0xd7, 0x9d,
0xae, 0x29, 0x51, 0x16, 0x85, 0xbf, 0xf2, 0x0a, 0x61, 0xa9, 0xb2, 0xc8, 0x99, 0xe2, 0x62, 0x25,
0x3a, 0xbb, 0xb8, 0xf4, 0xc8, 0xae, 0xb7, 0x5c, 0x2b, 0xbf, 0xec, 0x38, 0xbf, 0x86, 0x8d, 0x85,
0x39, 0xb7, 0x22, 0x91, 0x73, 0xf3, 0xd5, 0x92, 0xf9, 0xd2, 0xc9, 0xb5, 0x85, 0x93, 0x7f, 0x03,
0x5b, 0x5f, 0xd0, 0xc8, 0x0f, 0x51, 0x9f, 0xbf, 0xc7, 0x26, 0x72, 0x12, 0xe8, 0x6b, 0xd7, 0x58,
0x5f, 0xa8, 0xba, 0x6e, 0x4b, 0x73, 0x8e, 0x7c, 0xf2, 0x04, 0x9a, 0x4c, 0x69, 0xeb, 0xc2, 0x6b,
0x1b, 0x83, 0xd8, 0xcd, 0x65, 0xce, 0xb7, 0x40, 0x4a, 0x47, 0x8b, 0x1b, 0xd7, 0x8c, 0x0c, 0x44,
0x01, 0xaa, 0xa2, 0xd0, 0x85, 0xdd, 0x31, 0xeb, 0xc8, 0x2d, 0xa4, 0xa4, 0x0f, 0x35, 0x64, 0x4c,
0x9b, 0x90, 0x93, 0x70, 0x7e, 0xbf, 0x75, 0x85, 0xc8, 0xf9, 0x21, 0x6c, 0x9d, 0x25, 0xe8, 0x05,
0x34, 0x94, 0x77, 0x53, 0x65, 0x60, 0x07, 0xea, 0x22, 0xc9, 0x79, 0xcf, 0x4a, 0x70, 0x53, 0x62,
0xc5, 0x77, 0xbe, 0x05, 0x5b, 0xf9, 0x75, 0xf8, 0x36, 0x48, 0x39, 0x46, 0x1e, 0xee, 0x5f, 0xa1,
0x77, 0xfd, 0x3f, 0x8c, 0xfc, 0x06, 0x1e, 0xae, 0xb2, 0x90, 0xfb, 0xd7, 0xf6, 0x04, 0x35, 0xbe,
0x8c, 0xb3, 0x48, 0xd9, 0xb0, 0x5c, 0x90, 0xac, 0xcf, 0x05, 0x47, 0x7c, 0x47, 0x14, 0xfb, 0x52,
0x0d, 0x89, 0x9a, 0xca, 0xf3, 0x51, 0xbb, 0x3b, 0x1f, 0x7f, 0xae, 0x40, 0xeb, 0x0c, 0x79, 0x96,
0xc8, 0x58, 0x1e, 0x41, 0xeb, 0x82, 0xc5, 0xd7, 0xc8, 0xe6, 0xa1, 0x58, 0x8a, 0x71, 0xe4, 0x93,
0x97, 0xd0, 0xd8, 0x8f, 0xa3, 0xcb, 0x60, 0x22, 0x6f, 0xea, 0xed, 0xd1, 0x43, 0x85, 0x2e, 0x7a,
0xef, 0x50, 0xc9, 0xd4, 0xbc, 0xd3, 0x8a, 0xa4, 0x0f, 0x6d, 0xfd, 0x82, 0x79, 0xf3, 0xe6, 0xe8,
0x20, 0x9f, 0xaf, 0x06, 0xab, 0xf7, 0x09, 0xb4, 0x8d, 0x8d, 0xff, 0xd5, 0xb4, 0xf8, 0x2e, 0x80,
0xb4, 0xae, 0x72, 0xb4, 0xa9, 0x42, 0xd5, 0x3b, 0x45, 0x68, 0x3b, 0xd0, 0x12, 0xb7, 0x10, 0x25,
0x26, 0xb0, 0x66, 0x3c, 0x6c, 0xe4, 0xda, 0x79, 0x02, 0x5b, 0x47, 0xd1, 0x0d, 0x0d, 0x03, 0x9f,
0x72, 0xfc, 0x12, 0x67, 0x32, 0x05, 0x4b, 0x1e, 0x38, 0x67, 0xd0, 0xd1, 0x4f, 0x87, 0xf7, 0xf2,
0xb1, 0xa3, 0x7d, 0xfc, 0xcf, 0x4d, 0xf4, 0x31, 0x6c, 0xe8, 0x43, 0x8f, 0x03, 0xdd, 0x42, 0x62,
0xb6, 0x33, 0xbc, 0x0c, 0xde, 0xea, 0xa3, 0x35, 0xe5, 0xbc, 0x82, 0x4d, 0x43, 0xb5, 0x08, 0xe7,
0x1a, 0x67, 0x69, 0xfe, 0xa4, 0x12, 0xeb, 0x3c, 0x03, 0xd5, 0x79, 0x06, 0x1c, 0x58, 0xd7, 0x3b,
0x5f, 0x23, 0xbf, 0x23, 0xba, 0x2f, 0x0b, 0x47, 0x5e, 0xa3, 0x3e, 0xfc, 0x29, 0xd4, 0x51, 0x44,
0x6a, 0x8e, 0x30, 0x33, 0x03, 0xae, 0x12, 0xaf, 0x30, 0xf8, 0xaa, 0x30, 0x78, 0x9a, 0x29, 0x83,
0xef, 0x79, 0x96, 0xf3, 0x61, 0xe1, 0xc6, 0x69, 0xc6, 0xef, 0xfa, 0xa2, 0x4f, 0x60, 0x4b, 0x2b,
0x1d, 0x60, 0x88, 0x1c, 0xef, 0x08, 0xe9, 0x29, 0x90, 0x92, 0xda, 0x5d, 0xc7, 0x3d, 0x06, 0xeb,
0xfc, 0xfc, 0xb8, 0x90, 0x96, 0xb1, 0xd1, 0xf9, 0x14, 0xb6, 0xce, 0x32, 0x3f, 0x3e, 0x65, 0xc1,
0x4d, 0x10, 0xe2, 0x44, 0x19, 0xcb, 0x5f, 0x74, 0x15, 0xe3, 0x45, 0xb7, 0x72, 0x1a, 0x39, 0x03,
0x20, 0xa5, 0xed, 0xc5, 0x77, 0x4b, 0x33, 0x3f, 0xd6, 0x2d, 0x2c, 0xd7, 0xce, 0x00, 0x3a, 0xe7,
0x54, 0xcc, 0x7b, 0x5f, 0xe9, 0xd8, 0xd0, 0xe4, 0x8a, 0xd6, 0x6a, 0x39, 0xe9, 0x8c, 0x60, 0x7b,
0x9f, 0x7a, 0x57, 0x41, 0x34, 0x39, 0x08, 0x52, 0x71, 0xe1, 0xd1, 0x3b, 0x7a, 0x60, 0xf9, 0x9a,
0xa1, 0xb7, 0x14, 0xb4, 0xf3, 0x1c, 0xee, 0x1b, 0xef, 0xd6, 0x33, 0x4e, 0xf3, 0x7c, 0x6c, 0x43,
0x3d, 0x15, 0x94, 0xdc, 0x51, 0x77, 0x15, 0xe1, 0x7c, 0x05, 0xdb, 0xe6, 0x00, 0x16, 0xd7, 0x8f,
0x3c, 0x70, 0x79, 0x31, 0xa8, 0x18, 0x17, 0x03, 0x9d, 0xb3, 0xea, 0x7c, 0x9e, 0x6c, 0x42, 0xed,
0x97, 0xdf, 0x9c, 0xeb, 0x62, 0x17, 0x4b, 0xe7, 0x77, 0xc2, 0x7c, 0xf9, 0x3c, 0x65, 0xbe, 0x74,
0x3b, 0xa8, 0xbc, 0xcf, 0xed, 0x60, 0x45, 0xbd, 0x3d, 0x87, 0xad, 0x93, 0x30, 0xf6, 0xae, 0x0f,
0x23, 0x23, 0x1b, 0x36, 0x34, 0x31, 0x32, 0x93, 0x91, 0x93, 0xce, 0x47, 0xb0, 0x71, 0x1c, 0x7b,
0x34, 0x3c, 0x11, 0xcf, 0x8f, 0x22, 0x0b, 0xf2, 0x47, 0x82, 0x56, 0x55, 0x84, 0xf3, 0x1c, 0x60,
0xfe, 0x84, 0x12, 0xf0, 0xcb, 0x70, 0x1a, 0x73, 0x1c, 0x53, 0xdf, 0xcf, 0x2b, 0x08, 0x14, 0x6b,
0xcf, 0xf7, 0xd9, 0xe8, 0x9f, 0x55, 0x68, 0xfe, 0x42, 0x81, 0x1a, 0xf9, 0x0c, 0xba, 0xa5, 0x11,
0x46, 0xee, 0xcb, 0x37, 0xd4, 0xe2, 0xc0, 0xec, 0x3d, 0x58, 0x62, 0x2b, 0x87, 0x5e, 0x40, 0xc7,
0x1c, 0x50, 0x44, 0x0e, 0x23, 0xf9, 0x43, 0xa7, 0x27, 0x4f, 0x5a, 0x9e, 0x5e, 0x67, 0xb0, 0xbd,
0x6a, 0x74, 0x90, 0xc7, 0x73, 0x0b, 0xcb, 0x63, 0xab, 0xf7, 0xc1, 0x5d, 0xd2, 0x7c, 0xe4, 0x34,
0xf7, 0x43, 0xa4, 0x51, 0x96, 0x98, 0x1e, 0xcc, 0x97, 0xe4, 0x25, 0x74, 0x4b, 0xe0, 0xa9, 0xe2,
0x5c, 0xc2, 0x53, 0x73, 0xcb, 0x53, 0xa8, 0x4b, 0xc0, 0x26, 0xdd, 0xd2, 0xe4, 0xe8, 0xad, 0x17,
0xa4, 0xb2, 0xdd, 0x87, 0x35, 0xf9, 0x7c, 0x34, 0x0c, 0xcb, 0x1d, 0x05, 0x9a, 0x8f, 0xfe, 0x5e,
0x81, 0x66, 0xfe, 0xeb, 0xe7, 0x25, 0xac, 0x09, 0x5c, 0x24, 0xf7, 0x0c, 0x68, 0xc9, 0x31, 0xb5,
0xb7, 0xbd, 0xc0, 0x54, 0x06, 0x86, 0x50, 0x7b, 0x8d, 0x9c, 0x10, 0x43, 0xa8, 0x01, 0xb2, 0x77,
0xaf, 0xcc, 0x2b, 0xf4, 0x4f, 0xb3, 0xb2, 0xbe, 0xc6, 0xb7, 0x92, 0x7e, 0x81, 0x5c, 0x3f, 0x81,
0x86, 0x42, 0x1e, 0x95, 0x94, 0x25, 0xcc, 0x52, 0x1f, 0x7f, 0x19, 0xa3, 0x46, 0xff, 0xa8, 0x01,
0x9c, 0xcd, 0x52, 0x8e, 0xd3, 0x5f, 0x05, 0x78, 0x4b, 0x9e, 0xc1, 0xc6, 0x01, 0x5e, 0xd2, 0x2c,
0xe4, 0xf2, 0x05, 0x21, 0x3a, 0xcc, 0xc8, 0x89, 0xbc, 0x04, 0x15, 0x00, 0xf6, 0x14, 0xda, 0x27,
0xf4, 0xed, 0xbb, 0xf5, 0x3e, 0x83, 0x6e, 0x09, 0x97, 0xb4, 0x8b, 0x8b, 0x48, 0xa7, 0x5d, 0x5c,
0x46, 0xb0, 0xa7, 0xd0, 0xd4, 0x68, 0x65, 0xda, 0x90, 0xb8, 0x5e, 0x42, 0xb1, 0x1f, 0xc3, 0xc6,
0x02, 0x56, 0x99, 0xfa, 0xf2, 0xf7, 0xd4, 0x4a, 0x2c, 0x7b, 0x25, 0x5e, 0x00, 0x65, 0xbc, 0x32,
0x37, 0x3e, 0x54, 0x18, 0xb1, 0x0a, 0xd0, 0x5e, 0x97, 0xdf, 0x0e, 0xf2, 0xe5, 0x64, 0x2f, 0x42,
0x4a, 0x0e, 0x68, 0xf9, 0x41, 0xab, 0xa0, 0xe9, 0x05, 0x74, 0x4c, 0x54, 0x59, 0x6a, 0xc1, 0x65,
0xc8, 0xf9, 0x3e, 0xc0, 0x1c, 0x58, 0x4c, 0x7d, 0x59, 0x1e, 0x0b, 0x98, 0x73, 0xd1, 0x90, 0xaf,
0x8d, 0x1f, 0xfc, 0x3b, 0x00, 0x00, 0xff, 0xff, 0x3f, 0x7b, 0x3e, 0xd0, 0xf0, 0x15, 0x00, 0x00,
var fileDescriptor_backend_a4dea436a6c1c127 = []byte{
// 2134 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x58, 0x5f, 0x6f, 0xdb, 0xc8,
0x11, 0x87, 0x24, 0x4b, 0xa2, 0x46, 0x92, 0xff, 0x6c, 0x7c, 0x29, 0xa3, 0xcb, 0xd5, 0x2a, 0x0f,
0xc9, 0xf9, 0x82, 0x46, 0x49, 0xd4, 0x7f, 0xb9, 0x16, 0x77, 0x85, 0xeb, 0xf8, 0x72, 0xee, 0xc5,
0x77, 0x06, 0xed, 0xf4, 0x5a, 0xb4, 0x80, 0x6e, 0x4d, 0x8e, 0x65, 0xc2, 0x14, 0xc9, 0x2e, 0x97,
0x49, 0xf4, 0xd4, 0x0f, 0x51, 0xa0, 0x5f, 0xa3, 0xaf, 0x7d, 0xeb, 0x6b, 0x81, 0x3e, 0xf7, 0x13,
0xf4, 0xbd, 0x9f, 0xa1, 0xd8, 0xd9, 0x25, 0x45, 0x4a, 0x72, 0x93, 0x02, 0xed, 0x1b, 0xe7, 0x37,
0xb3, 0x3b, 0xbb, 0xb3, 0x33, 0xbf, 0xd9, 0x25, 0xec, 0x85, 0xf1, 0x34, 0xf0, 0x78, 0xf8, 0x28,
0x09, 0xb3, 0x69, 0x10, 0x3d, 0x4a, 0x2e, 0x1e, 0x5d, 0x70, 0xef, 0x1a, 0x23, 0x7f, 0x94, 0x88,
0x58, 0xc6, 0xac, 0x9e, 0x5c, 0x0c, 0xf6, 0xa6, 0x71, 0x3c, 0x0d, 0xf1, 0x11, 0x21, 0x17, 0xd9,
0xe5, 0x23, 0x19, 0xcc, 0x30, 0x95, 0x7c, 0x96, 0x68, 0x23, 0xa7, 0x0d, 0xcd, 0xa3, 0x59, 0x22,
0xe7, 0xce, 0x10, 0x5a, 0x5f, 0x20, 0xf7, 0x51, 0xb0, 0xdb, 0xd0, 0xba, 0xa2, 0x2f, 0xbb, 0x36,
0x6c, 0xec, 0x77, 0x5c, 0x23, 0x39, 0xbf, 0x05, 0x38, 0x55, 0x63, 0x8e, 0x84, 0x88, 0x05, 0xbb,
0x03, 0x16, 0x0a, 0x31, 0x91, 0xf3, 0x04, 0xed, 0xda, 0xb0, 0xb6, 0xdf, 0x77, 0xdb, 0x28, 0xc4,
0xf9, 0x3c, 0x41, 0xf6, 0x1d, 0x50, 0x9f, 0x93, 0x59, 0x3a, 0xb5, 0xeb, 0xc3, 0x9a, 0x9a, 0x01,
0x85, 0x38, 0x49, 0xa7, 0xf9, 0x18, 0x2f, 0xf6, 0xd1, 0x6e, 0x0c, 0x6b, 0xfb, 0x0d, 0x1a, 0x73,
0x18, 0xfb, 0xe8, 0xfc, 0xa9, 0x06, 0xcd, 0x53, 0x2e, 0xaf, 0x52, 0xc6, 0x60, 0x43, 0xc4, 0xb1,
0x34, 0xce, 0xe9, 0x9b, 0xed, 0xc3, 0x56, 0x16, 0xf1, 0x4c, 0x5e, 0x61, 0x24, 0x03, 0x8f, 0x4b,
0xf4, 0xed, 0x3a, 0xa9, 0x97, 0x61, 0xf6, 0x21, 0xf4, 0xc3, 0xd8, 0xe3, 0xe1, 0x24, 0x95, 0xb1,
0xe0, 0x53, 0xe5, 0x47, 0xd9, 0xf5, 0x08, 0x3c, 0xd3, 0x18, 0x7b, 0x00, 0x3b, 0x29, 0xf2, 0x70,
0xf2, 0x5a, 0xf0, 0xa4, 0x30, 0xdc, 0xd0, 0x13, 0x2a, 0xc5, 0x37, 0x82, 0x27, 0xc6, 0xd6, 0xf9,
0x6b, 0x0b, 0xda, 0x2e, 0xfe, 0x3e, 0xc3, 0x54, 0xb2, 0x4d, 0xa8, 0x07, 0x3e, 0xed, 0xb6, 0xe3,
0xd6, 0x03, 0x9f, 0x8d, 0x80, 0xb9, 0x98, 0x84, 0xca, 0x75, 0x10, 0x47, 0x87, 0x61, 0x96, 0x4a,
0x14, 0x66, 0xcf, 0x6b, 0x34, 0xec, 0x2e, 0x74, 0xe2, 0x04, 0x05, 0x61, 0x14, 0x80, 0x8e, 0xbb,
0x00, 0xd4, 0xc6, 0x13, 0x2e, 0xaf, 0xec, 0x0d, 0x52, 0xd0, 0xb7, 0xc2, 0x7c, 0x2e, 0xb9, 0xdd,
0xd4, 0x98, 0xfa, 0x66, 0x0e, 0xb4, 0x52, 0xf4, 0x04, 0x4a, 0xbb, 0x35, 0xac, 0xed, 0x77, 0xc7,
0x30, 0x4a, 0x2e, 0x46, 0x67, 0x84, 0xb8, 0x46, 0xc3, 0xee, 0xc2, 0x86, 0x8a, 0x8b, 0xdd, 0x26,
0x0b, 0x4b, 0x59, 0x1c, 0x64, 0xf2, 0xca, 0x25, 0x94, 0x8d, 0xa1, 0xad, 0xcf, 0x34, 0xb5, 0xad,
0x61, 0x63, 0xbf, 0x3b, 0xb6, 0x95, 0x81, 0xd9, 0xe5, 0x48, 0xa7, 0x41, 0x7a, 0x14, 0x49, 0x31,
0x77, 0x73, 0x43, 0xf6, 0x3d, 0xe8, 0x79, 0x61, 0x80, 0x91, 0x9c, 0xc8, 0xf8, 0x1a, 0x23, 0xbb,
0x43, 0x2b, 0xea, 0x6a, 0xec, 0x5c, 0x41, 0x6c, 0x0c, 0xef, 0x95, 0x4d, 0x26, 0xdc, 0xf3, 0x30,
0x4d, 0x63, 0x61, 0x03, 0xd9, 0xde, 0x2a, 0xd9, 0x1e, 0x18, 0x95, 0x9a, 0xd6, 0x0f, 0xd2, 0x24,
0xe4, 0xf3, 0x49, 0xc4, 0x67, 0x68, 0x77, 0xf5, 0xb4, 0x06, 0xfb, 0x8a, 0xcf, 0x90, 0xed, 0x41,
0x77, 0x16, 0x67, 0x91, 0x9c, 0x24, 0x71, 0x10, 0x49, 0xbb, 0x47, 0x16, 0x40, 0xd0, 0xa9, 0x42,
0xd8, 0x07, 0xa0, 0x25, 0x9d, 0x8c, 0x7d, 0x1d, 0x57, 0x42, 0x28, 0x1d, 0xef, 0xc1, 0xa6, 0x56,
0x17, 0xeb, 0xd9, 0x24, 0x93, 0x3e, 0xa1, 0xc5, 0x4a, 0x1e, 0x43, 0x87, 0xf2, 0x21, 0x88, 0x2e,
0x63, 0x7b, 0x8b, 0xe2, 0x76, 0xab, 0x14, 0x16, 0x95, 0x13, 0xc7, 0xd1, 0x65, 0xec, 0x5a, 0xaf,
0xcd, 0x17, 0xfb, 0x14, 0xde, 0xaf, 0xec, 0x57, 0xe0, 0x8c, 0x07, 0x51, 0x10, 0x4d, 0x27, 0x59,
0x8a, 0xa9, 0xbd, 0x4d, 0x19, 0x6e, 0x97, 0x76, 0xed, 0xe6, 0x06, 0x2f, 0x53, 0x4c, 0xd9, 0xfb,
0xd0, 0x51, 0x79, 0x2b, 0xe7, 0x93, 0xc0, 0xb7, 0x77, 0x68, 0x49, 0x96, 0x06, 0x8e, 0x7d, 0xf6,
0x11, 0x6c, 0x25, 0x71, 0x18, 0x78, 0xf3, 0x49, 0xfc, 0x0a, 0x85, 0x08, 0x7c, 0xb4, 0xd9, 0xb0,
0xb6, 0x6f, 0xb9, 0x9b, 0x1a, 0xfe, 0xda, 0xa0, 0xeb, 0x4a, 0xe3, 0x16, 0x19, 0xae, 0x94, 0xc6,
0x08, 0xc0, 0x8b, 0xa3, 0x08, 0x3d, 0x4a, 0xbf, 0x5d, 0xda, 0xe1, 0xa6, 0xda, 0xe1, 0x61, 0x81,
0xba, 0x25, 0x8b, 0xc1, 0xe7, 0xd0, 0x2b, 0xa7, 0x02, 0xdb, 0x86, 0xc6, 0x35, 0xce, 0x4d, 0xfa,
0xab, 0x4f, 0x36, 0x84, 0xe6, 0x2b, 0x1e, 0x66, 0x48, 0x29, 0x6f, 0x12, 0x51, 0x0f, 0x71, 0xb5,
0xe2, 0xa7, 0xf5, 0xa7, 0x35, 0x87, 0x43, 0xf3, 0x20, 0x0c, 0x78, 0xba, 0x74, 0x4e, 0xb5, 0xb7,
0x9f, 0x53, 0x7d, 0xdd, 0x39, 0x31, 0xd8, 0xa0, 0x4c, 0xd1, 0xf5, 0x43, 0xdf, 0xce, 0x1f, 0x37,
0x60, 0x43, 0xe5, 0x37, 0xfb, 0x11, 0xf4, 0x43, 0xe4, 0x29, 0x4e, 0xe2, 0x44, 0xed, 0x21, 0x25,
0x2f, 0xdd, 0xf1, 0xb6, 0x5a, 0xd9, 0x0b, 0xa5, 0xf8, 0x5a, 0xe3, 0x6e, 0x2f, 0x2c, 0x49, 0x8a,
0x35, 0x82, 0x48, 0xa2, 0x88, 0x78, 0x38, 0xa1, 0x7a, 0xd3, 0x9e, 0x7b, 0x39, 0xf8, 0x4c, 0xd5,
0xdd, 0x72, 0xaa, 0x36, 0x56, 0x53, 0x75, 0x00, 0x16, 0x1d, 0x4f, 0x80, 0xa9, 0xe1, 0x93, 0x42,
0x66, 0x63, 0xb0, 0x66, 0x28, 0xb9, 0x29, 0x67, 0x55, 0x75, 0xb7, 0xf3, 0xb2, 0x1c, 0x9d, 0x18,
0x85, 0xae, 0xb9, 0xc2, 0x6e, 0xa5, 0xe8, 0x5a, 0xab, 0x45, 0x37, 0x00, 0xab, 0x88, 0x57, 0x5b,
0x27, 0x51, 0x2e, 0x2b, 0x26, 0x4f, 0x50, 0x04, 0xb1, 0x6f, 0x5b, 0x94, 0x8b, 0x46, 0x52, 0x3c,
0x1c, 0x65, 0x33, 0x9d, 0xa5, 0x1d, 0xcd, 0xc3, 0x51, 0x36, 0x5b, 0x4d, 0x4a, 0x58, 0x4a, 0xca,
0x3d, 0x68, 0x72, 0x75, 0x92, 0x54, 0xa5, 0xdd, 0x71, 0x87, 0xd6, 0xaf, 0x00, 0x57, 0xe3, 0x6c,
0x04, 0xfd, 0xa9, 0x88, 0xb3, 0x64, 0x42, 0x22, 0xa6, 0x76, 0x8f, 0x36, 0x5a, 0x32, 0xec, 0x91,
0xfe, 0x40, 0xab, 0x55, 0x69, 0x5f, 0xc4, 0x59, 0xe4, 0x4f, 0xbc, 0xc0, 0x17, 0xa9, 0xdd, 0xa7,
0x90, 0x01, 0x41, 0x87, 0x0a, 0x19, 0xfc, 0x0c, 0xfa, 0x95, 0xd8, 0xac, 0x49, 0xc2, 0xdd, 0x72,
0x12, 0x76, 0xca, 0x89, 0xf7, 0xe7, 0x1a, 0xf4, 0xca, 0x87, 0xae, 0x06, 0x9f, 0x9f, 0xbf, 0xa0,
0xc1, 0x0d, 0x57, 0x7d, 0x2a, 0x46, 0x16, 0x18, 0xe1, 0x6b, 0x7e, 0x11, 0xea, 0x09, 0x2c, 0x77,
0x01, 0x28, 0x6d, 0x10, 0x79, 0x02, 0x67, 0x18, 0x49, 0xd3, 0xb0, 0x16, 0x00, 0xfb, 0x04, 0x20,
0x48, 0xd3, 0x0c, 0x27, 0xaa, 0xa7, 0x12, 0x6b, 0x77, 0xc7, 0x83, 0x91, 0x6e, 0xb8, 0xa3, 0xbc,
0xe1, 0x8e, 0xce, 0xf3, 0x86, 0xeb, 0x76, 0xc8, 0x5a, 0xc9, 0xea, 0x60, 0x4e, 0xf8, 0x1b, 0xb5,
0x96, 0xa6, 0x3e, 0x18, 0x2d, 0x39, 0x7f, 0x80, 0x96, 0x26, 0xf2, 0xff, 0x6b, 0x22, 0xdf, 0x01,
0x4b, 0xcf, 0x1d, 0xf8, 0x26, 0x89, 0xdb, 0x24, 0x1f, 0xfb, 0xce, 0xdf, 0x6b, 0x60, 0xb9, 0x98,
0x26, 0x71, 0x94, 0x62, 0xa9, 0xd1, 0xd4, 0xde, 0xda, 0x68, 0xea, 0x6b, 0x1b, 0x4d, 0xde, 0xbe,
0x1a, 0xa5, 0xf6, 0x35, 0x00, 0x4b, 0xa0, 0x1f, 0x08, 0xf4, 0xa4, 0x69, 0x75, 0x85, 0xac, 0x74,
0xaf, 0xb9, 0x50, 0x0c, 0x99, 0x52, 0x8d, 0x74, 0xdc, 0x42, 0x66, 0x4f, 0xca, 0xfc, 0xac, 0x3b,
0xdf, 0xae, 0xe6, 0x67, 0xbd, 0xdc, 0x55, 0x82, 0x76, 0xfe, 0x56, 0x87, 0xed, 0x65, 0xf5, 0x9a,
0x24, 0xd8, 0x85, 0xa6, 0x2e, 0x2f, 0x93, 0x41, 0x72, 0xa5, 0xb0, 0x1a, 0x4b, 0x85, 0xf5, 0x73,
0xe8, 0x7b, 0x02, 0xa9, 0x6d, 0xbf, 0xeb, 0xe9, 0xf7, 0xf2, 0x01, 0x94, 0x00, 0x1f, 0xc3, 0xb6,
0x5a, 0x65, 0x82, 0xfe, 0x82, 0xed, 0x74, 0x8f, 0xdf, 0x32, 0x78, 0xc1, 0x77, 0x0f, 0x60, 0x27,
0x37, 0x5d, 0x54, 0x66, 0xab, 0x62, 0x7b, 0x94, 0x17, 0xe8, 0x6d, 0x68, 0x5d, 0xc6, 0x62, 0xc6,
0xa5, 0xa1, 0x02, 0x23, 0xa9, 0xb4, 0x28, 0xd6, 0x4b, 0x77, 0x0c, 0x4b, 0xa7, 0x45, 0x0e, 0xaa,
0x9b, 0x97, 0x2a, 0xfd, 0xe2, 0x56, 0x44, 0xb4, 0x60, 0xb9, 0x56, 0x7e, 0x1b, 0x72, 0x7e, 0x0d,
0x5b, 0x4b, 0x8d, 0x70, 0x4d, 0x20, 0x17, 0xee, 0xeb, 0x15, 0xf7, 0x95, 0x99, 0x1b, 0x4b, 0x33,
0xff, 0x06, 0x76, 0xbe, 0xe0, 0x91, 0x1f, 0xa2, 0x99, 0xff, 0x40, 0x4c, 0xa9, 0x55, 0x98, 0x7b,
0xd9, 0xc4, 0xdc, 0xb8, 0xfa, 0x6e, 0xc7, 0x20, 0xc7, 0x3e, 0xbb, 0x07, 0x6d, 0xa1, 0xad, 0x4d,
0xe2, 0x75, 0x4b, 0x9d, 0xda, 0xcd, 0x75, 0xce, 0xb7, 0xc0, 0x2a, 0x53, 0xab, 0x2b, 0xd9, 0x9c,
0xed, 0xab, 0x04, 0xd4, 0x49, 0x61, 0x12, 0xbb, 0x57, 0xce, 0x23, 0xb7, 0xd0, 0xb2, 0x21, 0x34,
0x50, 0x08, 0xe3, 0x82, 0x5a, 0xe5, 0xe2, 0x02, 0xec, 0x2a, 0x95, 0xf3, 0x43, 0xd8, 0x39, 0x4b,
0xd0, 0x0b, 0x78, 0x48, 0x97, 0x57, 0xed, 0x60, 0x0f, 0x9a, 0x2a, 0xc8, 0x79, 0xcd, 0x12, 0xfb,
0x69, 0xb5, 0xc6, 0x9d, 0x6f, 0xc1, 0xd6, 0xeb, 0x3a, 0x7a, 0x13, 0xa4, 0x12, 0x23, 0x0f, 0x0f,
0xaf, 0xd0, 0xbb, 0xfe, 0x1f, 0xee, 0xfc, 0x15, 0xdc, 0x59, 0xe7, 0x21, 0x5f, 0x5f, 0xd7, 0x53,
0xd2, 0xe4, 0x52, 0x11, 0x2d, 0xf9, 0xb0, 0x5c, 0x20, 0xe8, 0x73, 0x85, 0xa8, 0x73, 0x44, 0x35,
0x2e, 0x35, 0x94, 0x68, 0xa4, 0x3c, 0x1e, 0x8d, 0x9b, 0xe3, 0xf1, 0x97, 0x1a, 0x74, 0xce, 0x50,
0x66, 0x09, 0xed, 0xe5, 0x7d, 0xe8, 0x5c, 0x88, 0xf8, 0x1a, 0xc5, 0x62, 0x2b, 0x96, 0x06, 0x8e,
0x7d, 0xf6, 0x04, 0x5a, 0x87, 0x71, 0x74, 0x19, 0x4c, 0xe9, 0x2a, 0xdf, 0x1d, 0xdf, 0xd1, 0xec,
0x62, 0xc6, 0x8e, 0xb4, 0x4e, 0x37, 0x44, 0x63, 0xc8, 0x86, 0xd0, 0x35, 0x4f, 0x9c, 0x97, 0x2f,
0x8f, 0x9f, 0xe5, 0x0d, 0xb8, 0x04, 0x0d, 0x3e, 0x81, 0x6e, 0x69, 0xe0, 0x7f, 0xd5, 0x2d, 0xbe,
0x0b, 0x40, 0xde, 0x75, 0x8c, 0xb6, 0xf5, 0x56, 0xcd, 0x48, 0xb5, 0xb5, 0x3d, 0xe8, 0xa8, 0x6b,
0x8a, 0x56, 0x33, 0xd8, 0x28, 0xbd, 0x7c, 0xe8, 0xdb, 0xb9, 0x07, 0x3b, 0xc7, 0xd1, 0x2b, 0x1e,
0x06, 0x3e, 0x97, 0xf8, 0x25, 0xce, 0x29, 0x04, 0x2b, 0x2b, 0x70, 0xce, 0xa0, 0x67, 0xde, 0x16,
0xef, 0xb4, 0xc6, 0x9e, 0x59, 0xe3, 0x7f, 0x2e, 0xa2, 0x8f, 0x61, 0xcb, 0x4c, 0xfa, 0x22, 0x30,
0x25, 0xa4, 0x9a, 0xbf, 0xc0, 0xcb, 0xe0, 0x8d, 0x99, 0xda, 0x48, 0xce, 0x53, 0xd8, 0x2e, 0x99,
0x16, 0xdb, 0xb9, 0xc6, 0x79, 0x9a, 0xbf, 0xb9, 0xd4, 0x77, 0x1e, 0x81, 0xfa, 0x22, 0x02, 0x0e,
0x6c, 0x9a, 0x91, 0xcf, 0x51, 0xde, 0xb0, 0xbb, 0x2f, 0x8b, 0x85, 0x3c, 0x47, 0x33, 0xf9, 0x7d,
0x68, 0xa2, 0xda, 0x69, 0xb9, 0x85, 0x95, 0x23, 0xe0, 0x6a, 0xf5, 0x1a, 0x87, 0x4f, 0x0b, 0x87,
0xa7, 0x99, 0x76, 0xf8, 0x8e, 0x73, 0x39, 0x1f, 0x16, 0xcb, 0x38, 0xcd, 0xe4, 0x4d, 0x27, 0x7a,
0x0f, 0x76, 0x8c, 0xd1, 0x33, 0x0c, 0x51, 0xe2, 0x0d, 0x5b, 0xba, 0x0f, 0xac, 0x62, 0x76, 0xd3,
0x74, 0x77, 0xc1, 0x3a, 0x3f, 0x7f, 0x51, 0x68, 0xab, 0xdc, 0xe8, 0x7c, 0x0a, 0x3b, 0x67, 0x99,
0x1f, 0x9f, 0x8a, 0xe0, 0x55, 0x10, 0xe2, 0x54, 0x3b, 0xcb, 0x9f, 0x7c, 0xb5, 0xd2, 0x93, 0x6f,
0x6d, 0x37, 0x72, 0xf6, 0x81, 0x55, 0x86, 0x17, 0xe7, 0x96, 0x66, 0x7e, 0x6c, 0x4a, 0x98, 0xbe,
0x9d, 0x7d, 0xe8, 0x9d, 0x73, 0xd5, 0xef, 0x7d, 0x6d, 0x63, 0x43, 0x5b, 0x6a, 0xd9, 0x98, 0xe5,
0xa2, 0x33, 0x86, 0xdd, 0x43, 0xee, 0x5d, 0x05, 0xd1, 0xf4, 0x59, 0x90, 0xaa, 0x0b, 0x8f, 0x19,
0x31, 0x00, 0xcb, 0x37, 0x80, 0x19, 0x52, 0xc8, 0xce, 0x43, 0x78, 0xaf, 0xf4, 0xb0, 0x3d, 0x93,
0x3c, 0x8f, 0xc7, 0x2e, 0x34, 0x53, 0x25, 0xd1, 0x88, 0xa6, 0xab, 0x05, 0xe7, 0x2b, 0xd8, 0x2d,
0x37, 0x60, 0x75, 0xfd, 0xc8, 0x37, 0x4e, 0x17, 0x83, 0x5a, 0xe9, 0x62, 0x60, 0x62, 0x56, 0x5f,
0xf4, 0x93, 0x6d, 0x68, 0xfc, 0xf2, 0x9b, 0x73, 0x93, 0xec, 0xea, 0xd3, 0xf9, 0x9d, 0x72, 0x5f,
0x9d, 0x4f, 0xbb, 0xaf, 0xdc, 0x0e, 0x6a, 0xef, 0x72, 0x3b, 0x58, 0x93, 0x6f, 0x0f, 0x61, 0xe7,
0x24, 0x8c, 0xbd, 0xeb, 0xa3, 0xa8, 0x14, 0x0d, 0x1b, 0xda, 0x18, 0x95, 0x83, 0x91, 0x8b, 0xce,
0x47, 0xb0, 0xf5, 0x22, 0xf6, 0x78, 0x78, 0xa2, 0xde, 0x27, 0x45, 0x14, 0xe8, 0x4f, 0x83, 0x31,
0xd5, 0x82, 0xf3, 0x10, 0x60, 0xf1, 0xc6, 0x52, 0xf4, 0x2b, 0x70, 0x16, 0x4b, 0x9c, 0x70, 0xdf,
0xcf, 0x33, 0x08, 0x34, 0x74, 0xe0, 0xfb, 0x62, 0xfc, 0xaf, 0x3a, 0xb4, 0x7f, 0xa1, 0x49, 0x8d,
0x7d, 0x06, 0xfd, 0x4a, 0x0b, 0x63, 0xef, 0xd1, 0x23, 0x6b, 0xb9, 0x61, 0x0e, 0x6e, 0xaf, 0xc0,
0x7a, 0x41, 0x8f, 0xa1, 0x57, 0x6e, 0x50, 0x8c, 0x9a, 0x11, 0xfd, 0xf1, 0x19, 0xd0, 0x4c, 0xab,
0xdd, 0xeb, 0x0c, 0x76, 0xd7, 0xb5, 0x0e, 0x76, 0x77, 0xe1, 0x61, 0xb5, 0x6d, 0x0d, 0x3e, 0xb8,
0x49, 0x9b, 0xb7, 0x9c, 0xf6, 0x61, 0x88, 0x3c, 0xca, 0x92, 0xf2, 0x0a, 0x16, 0x9f, 0xec, 0x09,
0xf4, 0x2b, 0xe4, 0xa9, 0xf7, 0xb9, 0xc2, 0xa7, 0xe5, 0x21, 0xf7, 0xa1, 0x49, 0x84, 0xcd, 0xfa,
0x95, 0xce, 0x31, 0xd8, 0x2c, 0x44, 0xed, 0x7b, 0x08, 0x1b, 0xf4, 0xbe, 0x2c, 0x39, 0xa6, 0x11,
0x05, 0x9b, 0x8f, 0xff, 0x51, 0x83, 0x76, 0xfe, 0x6f, 0xe8, 0x09, 0x6c, 0x28, 0x5e, 0x64, 0xb7,
0x4a, 0xd4, 0x92, 0x73, 0xea, 0x60, 0x77, 0x09, 0xd4, 0x0e, 0x46, 0xd0, 0x78, 0x8e, 0x92, 0xb1,
0x92, 0xd2, 0x10, 0xe4, 0xe0, 0x56, 0x15, 0x2b, 0xec, 0x4f, 0xb3, 0xaa, 0xbd, 0xe1, 0xb7, 0x8a,
0x7d, 0xc1, 0x5c, 0x3f, 0x81, 0x96, 0x66, 0x1e, 0x1d, 0x94, 0x15, 0xce, 0xd2, 0x87, 0xbf, 0xca,
0x51, 0xe3, 0x7f, 0x36, 0x00, 0xce, 0xe6, 0xa9, 0xc4, 0xd9, 0xaf, 0x02, 0x7c, 0xcd, 0x1e, 0xc0,
0xd6, 0x33, 0xbc, 0xe4, 0x59, 0x28, 0xe9, 0x05, 0xa1, 0x2a, 0xac, 0x14, 0x13, 0xba, 0x04, 0x15,
0x04, 0x76, 0x1f, 0xba, 0x27, 0xfc, 0xcd, 0xdb, 0xed, 0x3e, 0x83, 0x7e, 0x85, 0x97, 0xcc, 0x12,
0x97, 0x99, 0xce, 0x2c, 0x71, 0x95, 0xc1, 0xee, 0x43, 0xdb, 0xb0, 0x55, 0xd9, 0x07, 0xf1, 0x7a,
0x85, 0xc5, 0x7e, 0x0c, 0x5b, 0x4b, 0x5c, 0x55, 0xb6, 0xa7, 0xff, 0x57, 0x6b, 0xb9, 0xec, 0xa9,
0x7a, 0x01, 0x54, 0xf9, 0xaa, 0x3c, 0xf0, 0x8e, 0xe6, 0x88, 0x75, 0x84, 0xf6, 0xbc, 0xfa, 0x76,
0xa0, 0x97, 0x93, 0xbd, 0x4c, 0x29, 0x39, 0xa1, 0xe5, 0x13, 0xad, 0xa3, 0xa6, 0xc7, 0xd0, 0x2b,
0xb3, 0xca, 0x4a, 0x09, 0xae, 0x52, 0xce, 0xf7, 0x01, 0x16, 0xc4, 0x52, 0xb6, 0xa7, 0xf4, 0x58,
0xe2, 0x9c, 0x8b, 0x16, 0xbd, 0x36, 0x7e, 0xf0, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0x7a, 0x48,
0x91, 0x8a, 0x11, 0x16, 0x00, 0x00,
}

4
logical/plugin/pb/backend.proto
View File

@ -202,6 +202,10 @@ message Auth {
// mappings groups for the group aliases in identity store. For all the
// matching groups, the entity ID of the user will be added.
repeated Alias group_aliases = 12;
// If set, restricts usage of the certificates to client IPs falling within
// the range of the specified CIDR(s).
repeated string bound_cidrs = 13;
}
message LeaseOptions {

17
logical/plugin/pb/translation.go
View File

@ -6,6 +6,7 @@ import (
"time"
"github.com/golang/protobuf/ptypes"
"github.com/hashicorp/go-sockaddr"
"github.com/hashicorp/vault/helper/errutil"
"github.com/hashicorp/vault/helper/wrapping"
"github.com/hashicorp/vault/logical"
@ -507,6 +508,11 @@ func LogicalAuthToProtoAuth(a *logical.Auth) (*Auth, error) {
return nil, err
}
boundCIDRs := make([]string, len(a.BoundCIDRs))
for i, cidr := range a.BoundCIDRs {
boundCIDRs[i] = cidr.String()
}
return &Auth{
LeaseOptions: lo,
InternalData: string(buf[:]),
@ -520,6 +526,7 @@ func LogicalAuthToProtoAuth(a *logical.Auth) (*Auth, error) {
EntityID: a.EntityID,
Alias: LogicalAliasToProtoAlias(a.Alias),
GroupAliases: groupAliases,
BoundCidrs: boundCIDRs,
}, nil
}
@ -544,6 +551,15 @@ func ProtoAuthToLogicalAuth(a *Auth) (*logical.Auth, error) {
return nil, err
}
var boundCIDRs []*sockaddr.SockAddrMarshaler
for _, cidr := range a.BoundCidrs {
parsedCIDR, err := sockaddr.NewSockAddr(cidr)
if err != nil {
return nil, err
}
boundCIDRs = append(boundCIDRs, &sockaddr.SockAddrMarshaler{parsedCIDR})
}
return &logical.Auth{
LeaseOptions: lo,
InternalData: data,
@ -557,5 +573,6 @@ func ProtoAuthToLogicalAuth(a *Auth) (*logical.Auth, error) {
EntityID: a.EntityID,
Alias: ProtoAliasToLogicalAlias(a.Alias),
GroupAliases: groupAliases,
BoundCIDRs: boundCIDRs,
}, nil
}

2
vault/request_handling.go
View File

@ -494,6 +494,7 @@ func (c *Core) handleLoginRequest(ctx context.Context, req *logical.Request) (re
// If the response generated an authentication, then generate the token
if resp != nil && resp.Auth != nil {
var entity *identity.Entity
auth = resp.Auth
@ -574,6 +575,7 @@ func (c *Core) handleLoginRequest(ctx context.Context, req *logical.Request) (re
TTL: tokenTTL,
NumUses: auth.NumUses,
EntityID: auth.EntityID,
BoundCIDRs: auth.BoundCIDRs,
}
te.Policies = policyutil.SanitizePolicies(te.Policies, true)

6
website/source/api/auth/cert/index.html.md
View File

@ -54,13 +54,17 @@ Sets a CA cert and associated parameters in a role name.
as it is renewed it never expires unless `max_ttl` is also set, but the TTL
set on the token at each renewal is fixed to the value specified here. If this
value is modified, the token will pick up the new value at its next renewal.
- `bound_cidrs` `(string: "", or list: [])` If set, restricts usage of the
certificates to client IPs falling within the range of the specified
CIDR(s).
### Sample Payload
```json
{
"certificate": "-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----",
"display_name": "test"
"display_name": "test",
"bound_cidrs": ["127.0.0.1/32", "128.252.0.0/16"]
}
```