65a41d4f08
* named MFA method configurations * fix a test * CL * fix an issue with same config name different ID and add a test * feedback * feedback on test * consistent use of passcode for all MFA methods (#18611) * make use of passcode factor consistent for all MFA types * improved type for MFA factors * add method name to login CLI * minor refactoring * only accept MFA method name with its namespace path in the login request MFA header * fix a bug * fixing an ErrorOrNil return value * more informative error message * Apply suggestions from code review Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com> * feedback * test refactor a bit * adding godoc for a test * feedback * remove sanitize method name * guard a possbile nil ref Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
syntax = "proto3";
option go_package = "github.com/hashicorp/vault/sdk/logical";
package logical;
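// Entity describes an identity entity together with the aliases mapped to it.
message Entity {
  // ID is the unique identifier for the entity. The upper-case field name is
  // kept as is: renaming it would change generated accessors and JSON keys.
  string ID = 1;

  // Name is the human-friendly unique identifier for the entity.
  string name = 2;

  // Aliases contains the alias mappings for the given entity.
  repeated Alias aliases = 3;

  // Metadata represents the custom data tied to this entity. Keys and values
  // are free-form strings; map iteration order is undefined.
  map<string, string> metadata = 4;

  // Disabled is true if the entity is disabled.
  // NOTE(review): how consumers must treat a disabled entity is not defined
  // in this file - confirm against the code that reads this flag.
  bool disabled = 5;

  // NamespaceID is the identifier of the namespace to which this entity
  // belongs.
  string namespace_id = 6;
}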
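// Alias describes one identity as known to a single authentication mount.
message Alias {
  // MountType is the backend mount's type to which this identity belongs.
  string mount_type = 1;

  // MountAccessor is the identifier of the mount entry to which this
  // identity belongs.
  string mount_accessor = 2;

  // Name is the identifier of this identity in its authentication source.
  string name = 3;

  // Metadata represents the custom data tied to this alias. Fields added
  // to it should have a low rate of change (or no change) because each
  // change incurs a storage write, so quickly-changing fields can have
  // a significant performance impact at scale. See the SDK's
  // "aliasmetadata" package for a helper that eases and standardizes
  // using this safely.
  map<string, string> metadata = 4;

  // ID is the unique identifier for the alias. The upper-case field name is
  // kept as is: renaming it would change generated accessors and JSON keys.
  string ID = 5;

  // NamespaceID is the identifier of the namespace to which this alias
  // belongs.
  string namespace_id = 6;

  // CustomMetadata represents the custom data tied to this alias.
  // NOTE(review): this file does not say how custom_metadata differs from
  // metadata (field 4), or who may write each - confirm before relying on
  // either map for an authorization decision.
  map<string, string> custom_metadata = 7;

  // Local indicates if the alias only belongs to the cluster where it was
  // created. If true, the alias will be stored in a location that is ignored
  // by the performance replication subsystem.
  bool local = 8;
}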
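// Group describes an identity group.
message Group {
  // ID is the unique identifier for the group. The upper-case field name is
  // kept as is: renaming it would change generated accessors and JSON keys.
  string ID = 1;

  // Name is the human-friendly unique identifier for the group.
  string name = 2;

  // Metadata represents the custom data tied to this group. Keys and values
  // are free-form strings; map iteration order is undefined.
  map<string, string> metadata = 3;

  // NamespaceID is the identifier of the namespace to which this group
  // belongs.
  string namespace_id = 4;
}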
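// MFAMethodID identifies one MFA method that can be used to satisfy an MFA
// constraint (see MFAConstraintAny).
message MFAMethodID {
  // Type is the kind of MFA method.
  // NOTE(review): the set of valid type strings is not defined in this
  // file - confirm against the code that populates it.
  string type = 1;

  // ID is the identifier of the MFA method.
  string id = 2;

  // UsesPasscode reports whether this method uses a passcode.
  // NOTE(review): presumably a caller must supply a passcode for this method
  // when it is true - confirm against the validation code.
  bool uses_passcode = 3;

  // Name is the name of the MFA method configuration.
  // NOTE(review): the commit message mentions handling the same config name
  // under a different ID, so presumably the ID, not the name, is the unique
  // key - confirm before using the name alone to select a method.
  string name = 4;
}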
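// MFAConstraintAny is one MFA constraint, expressed as a list of candidate
// MFA methods.
message MFAConstraintAny {
  // Any lists the MFA methods attached to this constraint.
  // NOTE(review): presumably validating any one of the listed methods
  // satisfies the constraint, and an empty list needs a defined outcome on
  // the enforcement side - confirm against the code that evaluates it.
  repeated MFAMethodID any = 1;
}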
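// MFARequirement carries the MFA constraints associated with one MFA request.
message MFARequirement {
  // MFARequestID is the identifier of the MFA request these constraints
  // belong to.
  // NOTE(review): how the ID is generated, and how long it stays valid, is
  // not defined in this file - confirm against the issuing code.
  string mfa_request_id = 1;

  // MFAConstraints maps a string key to the constraint stored under it.
  // NOTE(review): presumably the key is the constraint's name and every
  // entry must be satisfied (each by any one of its methods) - confirm
  // against the enforcement code. Map iteration order is undefined.
  map<string, MFAConstraintAny> mfa_constraints = 2;
}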