e83471d7de
* Login MFA * ENT OSS segragation (#14088) * Delete method id if not used in an MFA enforcement config (#14063) * Delete an MFA methodID only if it is not used by an MFA enforcement config * Fixing a bug: mfa/validate is an unauthenticated path, and goes through the handleLoginRequest path * adding use_passcode field to DUO config (#14059) * add changelog * preventing replay attack on MFA passcodes (#14056) * preventing replay attack on MFA passcodes * using %w instead of %s for error * Improve CLI command for login mfa (#14106) CLI prints a warning message indicating the login request needs to get validated * adding the validity period of a passcode to error messages (#14115) * PR feedback * duo to handle preventing passcode reuse Co-authored-by: hghaf099 <83242695+hghaf099@users.noreply.github.com> Co-authored-by: hamid ghaf <hamid@hashicorp.com>
92 lines
2.4 KiB
Protocol Buffer
92 lines
2.4 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
option go_package = "github.com/hashicorp/vault/sdk/logical";
|
|
|
|
package logical;
|
|
|
|
message Entity {
|
|
// ID is the unique identifier for the entity
|
|
string ID = 1;
|
|
|
|
// Name is the human-friendly unique identifier for the entity
|
|
string name = 2;
|
|
|
|
// Aliases contains thhe alias mappings for the given entity
|
|
repeated Alias aliases = 3;
|
|
|
|
// Metadata represents the custom data tied to this entity
|
|
map<string, string> metadata = 4;
|
|
|
|
// Disabled is true if the entity is disabled.
|
|
bool disabled = 5;
|
|
|
|
// NamespaceID is the identifier of the namespace to which this entity
|
|
// belongs to.
|
|
string namespace_id = 6;
|
|
}
|
|
|
|
message Alias {
|
|
// MountType is the backend mount's type to which this identity belongs
|
|
string mount_type = 1;
|
|
|
|
// MountAccessor is the identifier of the mount entry to which this
|
|
// identity belongs
|
|
string mount_accessor = 2;
|
|
|
|
// Name is the identifier of this identity in its authentication source
|
|
string name = 3;
|
|
|
|
// Metadata represents the custom data tied to this alias. Fields added
|
|
// to it should have a low rate of change (or no change) because each
|
|
// change incurs a storage write, so quickly-changing fields can have
|
|
// a significant performance impact at scale. See the SDK's
|
|
// "aliasmetadata" package for a helper that eases and standardizes
|
|
// using this safely.
|
|
map<string, string> metadata = 4;
|
|
|
|
// ID is the unique identifier for the alias
|
|
string ID = 5;
|
|
|
|
// NamespaceID is the identifier of the namespace to which this alias
|
|
// belongs.
|
|
string namespace_id = 6;
|
|
|
|
// Custom Metadata represents the custom data tied to this alias
|
|
map<string, string> custom_metadata = 7;
|
|
|
|
// Local indicates if the alias only belongs to the cluster where it was
|
|
// created. If true, the alias will be stored in a location that are ignored
|
|
// by the performance replication subsystem.
|
|
bool local = 8;
|
|
}
|
|
|
|
message Group {
|
|
// ID is the unique identifier for the group
|
|
string ID = 1;
|
|
|
|
// Name is the human-friendly unique identifier for the group
|
|
string name = 2;
|
|
|
|
// Metadata represents the custom data tied to this group
|
|
map<string, string> metadata = 3;
|
|
|
|
// NamespaceID is the identifier of the namespace to which this group
|
|
// belongs to.
|
|
string namespace_id = 4;
|
|
}
|
|
|
|
message MFAMethodID {
|
|
string type = 1;
|
|
string id = 2;
|
|
bool uses_passcode = 3;
|
|
}
|
|
|
|
message MFAConstraintAny {
|
|
repeated MFAMethodID any = 1;
|
|
}
|
|
|
|
message MFARequirement {
|
|
string mfa_request_id = 1;
|
|
map<string, MFAConstraintAny> mfa_constraints = 2;
|
|
}
|