aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat(target): Classify resources for audit events

Browse Source
pull/2031/head
Timothy Messier 4 years ago committed by Johan Brandhorst-Satzkorn
parent c8be4a9890
commit 3be5c44907
7 changed files with 1013 additions and 653 deletions
Show Stats Download Patch File Download Diff File

1
Makefile
Unescape View File

@ -156,6 +156,7 @@ protobuild:
@protoc-go-inject-tag -input=./sdk/pbs/controller/api/resources/scopes/scope.pb.go
@protoc-go-inject-tag -input=./internal/gen/controller/servers/services/session_service.pb.go
@protoc-go-inject-tag -input=./sdk/pbs/controller/api/resources/targets/target.pb.go
@protoc-go-inject-tag -input=./internal/gen/controller/api/services/target_service.pb.go
@protoc-go-inject-tag -input=./sdk/pbs/controller/api/resources/accounts/account.pb.go
@protoc-go-inject-tag -input=./internal/gen/controller/api/services/account_service.pb.go
@protoc-go-inject-tag -input=./sdk/pbs/controller/api/resources/hosts/host.pb.go

1026
internal/gen/controller/api/services/target_service.pb.go
View File

File diff suppressed because it is too large Load Diff

89
internal/proto/controller/api/resources/targets/v1/target.proto
Unescape View File

@ -13,62 +13,62 @@ import "controller/custom_options/v1/options.proto";
message HostSource {
// Output only. The ID of the Host Set.
string id = 10;
string id = 10; // @gotags: `class:"public"`
// Output only. The Host Catalog to which this Host Source belongs.
string host_catalog_id = 20 [json_name = "host_catalog_id"];
string host_catalog_id = 20 [json_name = "host_catalog_id"]; // @gotags: `class:"public"`
}
message HostSet {
// Output only. The ID of the Host Set.
string id = 10;
string id = 10; // @gotags: `class:"public"`
// Output only. The Host Catalog to which this Host Set belongs.
string host_catalog_id = 20 [json_name = "host_catalog_id"];
string host_catalog_id = 20 [json_name = "host_catalog_id"]; // @gotags: `class:"public"`
}
message CredentialSource {
// The ID of the Credential. May be empty if the credential is dynamically generated from a library.
string id = 10;
string id = 10; // @gotags: `class:"public"`
// Output only. The name of the Credential source.
string name = 20;
string name = 20; // @gotags: `class:"public"`
// Output only. The description of the Credential source.
string description = 30;
string description = 30; // @gotags: `class:"public"`
// Output only. The Credential Store to which this Credential source belongs.
string credential_store_id = 40 [json_name = "credential_store_id"];
string credential_store_id = 40 [json_name = "credential_store_id"]; // @gotags: `class:"public"`
// Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
string type = 60;
string type = 60; // @gotags: `class:"public"`
// Output only. The type of the credential, empty if unspecified.
string credential_type = 70;
string credential_type = 70; // @gotags: `class:"public"`
}
message CredentialLibrary {
// The ID of the Credential Library.
string id = 10;
string id = 10; // @gotags: `class:"public"`
// Output only. The name of the Credential Library.
string name = 20;
string name = 20; // @gotags: `class:"public"`
// Output only. The description of the Credential Library.
string description = 30;
string description = 30; // @gotags: `class:"public"`
// Output only. The Credential Store to which this Credential Library belongs.
string credential_store_id = 40 [json_name = "credential_store_id"];
string credential_store_id = 40 [json_name = "credential_store_id"]; // @gotags: `class:"public"`
// Output only. The type of the credential library.
string type = 60;
string type = 60; // @gotags: `class:"public"`
}
// The actual secret for a session credential.
message SessionSecret {
// Output only. The base64-encoded value representing the raw bytes from the
// credential provider.
string raw = 10;
string raw = 10; // @gotags: `class:"secret"`
// Output only. The decoded raw string, if a JSON object.
google.protobuf.Struct decoded = 20;
@ -93,95 +93,94 @@ message SessionCredential {
// Target contains all fields related to a Target resource
message Target {
// Output only. The ID of the resource.
string id = 10;
string id = 10; // @gotags: `class:"public"`
// The Scope of of this resource. This must be defined for creation of this resource, but is otherwise output only.
string scope_id = 20 [json_name = "scope_id"];
string scope_id = 20 [json_name = "scope_id"]; // @gotags: `class:"public"`
// Output only. Scope information for this resource.
resources.scopes.v1.ScopeInfo scope = 30;
// Required name for identification purposes.
google.protobuf.StringValue name = 40 [(custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = { this: "name" that: "name" }];
google.protobuf.StringValue name = 40 [(custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = { this: "name" that: "name" }]; // @gotags: `class:"public"`
// Optional user-set description for identification purposes.
google.protobuf.StringValue description = 50 [(custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = { this: "description" that: "description" }];
google.protobuf.StringValue description = 50 [(custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = { this: "description" that: "description" }]; // @gotags: `class:"public"`
// Output only. The time this resource was created.
google.protobuf.Timestamp created_time = 60 [json_name = "created_time"];
google.protobuf.Timestamp created_time = 60 [json_name = "created_time"]; // @gotags: `class:"public"`
// Output only. The time this resource was last updated.
google.protobuf.Timestamp updated_time = 70 [json_name = "updated_time"];
google.protobuf.Timestamp updated_time = 70 [json_name = "updated_time"]; // @gotags: `class:"public"`
// Version is used in mutation requests, after the initial creation, to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
uint32 version = 80;
uint32 version = 80; // @gotags: `class:"public"`
// The type of the Target.
string type = 90;
string type = 90; // @gotags: `class:"public"`
// Output only. The IDs of the Host Sets associated with this Target.
repeated string host_set_ids = 100 [json_name = "host_set_ids"];
repeated string host_set_ids = 100 [json_name = "host_set_ids"]; // @gotags: `class:"public"`
// Output only. The Host Sets associated with this Target.
repeated HostSet host_sets = 110 [json_name = "host_sets"];
// Output only. The IDs of the Host Sources associated with this Target.
repeated string host_source_ids = 420 [json_name = "host_source_ids"];
repeated string host_source_ids = 420 [json_name = "host_source_ids"]; // @gotags: `class:"public"`
// Output only. The Host Sources associated with this Target.
repeated HostSource host_sources = 430 [json_name = "host_sources"];
// Maximum total lifetime of a created Session, in seconds.
google.protobuf.UInt32Value session_max_seconds = 120
[json_name = "session_max_seconds", (custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = { this: "session_max_seconds" that: "SessionMaxSeconds" }];
[json_name = "session_max_seconds", (custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = { this: "session_max_seconds" that: "SessionMaxSeconds" }]; // @gotags: `class:"public"`
// Maximum number of connections allowed in a Session. Unlimited is indicated by the value -1.
google.protobuf.Int32Value session_connection_limit = 130
[json_name = "session_connection_limit", (custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = { this: "session_connection_limit" that: "SessionConnectionLimit" }];
[json_name = "session_connection_limit", (custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = { this: "session_connection_limit" that: "SessionConnectionLimit" }]; // @gotags: `class:"public"`
// Optional boolean expression to filter the workers that are allowed to satisfy this request.
google.protobuf.StringValue worker_filter = 140
[json_name = "worker_filter", (custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = { this: "worker_filter" that: "WorkerFilter" }];
[json_name = "worker_filter", (custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = { this: "worker_filter" that: "WorkerFilter" }]; // @gotags: `class:"public"`
// Output only. The IDs of the application credential library ids associated with this Target. Deprecated: use application_credential_source_ids instead.
repeated string application_credential_library_ids = 150 [json_name = "application_credential_library_ids", deprecated = true];
repeated string application_credential_library_ids = 150 [json_name = "application_credential_library_ids", deprecated = true]; // @gotags: `class:"public"`
// Output only. The application credential libraries associated with this Target. Deprecated: use application_credential_sources instead.
repeated CredentialLibrary application_credential_libraries = 180 [json_name = "application_credential_libraries", deprecated = true];
// Output only. The IDs of the application credential source ids associated with this Target.
repeated string application_credential_source_ids = 400 [json_name = "application_credential_source_ids"];
repeated string application_credential_source_ids = 400 [json_name = "application_credential_source_ids"]; // @gotags: `class:"public"`
// Output only. The application credential sources associated with this Target.
repeated CredentialSource application_credential_sources = 410 [json_name = "application_credential_sources"];
// Output only. The IDs of the egress credential source ids associated with this Target.
repeated string egress_credential_source_ids = 500 [json_name = "egress_credential_source_ids"];
repeated string egress_credential_source_ids = 500 [json_name = "egress_credential_source_ids"]; // @gotags: `class:"public"`
// Output only. The egress credential sources associated with this Target.
repeated CredentialSource egress_credential_sources = 510 [json_name = "egress_credential_sources"];
oneof attrs {
// The attributes that are applicable for the specific Target.
google.protobuf.Struct attributes = 200 [
(google.api.field_visibility).restriction = "INTERNAL",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.subtype) = "default"
(custom_options.v1.subtype) = "default"
];
TcpTargetAttributes tcp_target_attributes = 201 [
(google.api.field_visibility).restriction = "INTERNAL",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.subtype) = "tcp"
];
TcpTargetAttributes tcp_target_attributes = 201 [
(google.api.field_visibility).restriction = "INTERNAL",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.subtype) = "tcp"
];
}
// Output only. The available actions on this resource for this user.
repeated string authorized_actions = 300 [json_name = "authorized_actions"];
repeated string authorized_actions = 300 [json_name = "authorized_actions"]; // @gotags: `class:"public"`
}
// TcpTargetAttributes contains attributes relevant to Targets of type "tcp"
message TcpTargetAttributes {
// The default TCP port that will be used when connecting to the endpoint unless overridden by a Host Set or Host.
google.protobuf.UInt32Value default_port = 10
[json_name = "default_port", (custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = { this: "attributes.default_port" that: "DefaultPort" }];
[json_name = "default_port", (custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = { this: "attributes.default_port" that: "DefaultPort" }]; // @gotags: `class:"public"`
}
// WorkerInfo contains information about workers, returned in to the client in SessionAuthorization
@ -211,7 +210,7 @@ message SessionAuthorizationData {
int32 connection_limit = 90 [json_name = "connection_limit"];
// Output only. The certificate to use when connecting. Raw DER bytes.
bytes certificate = 120; // @gotags: `class:"secret"`
bytes certificate = 120; // @gotags: `class:"sensitive"`
// Output only. The private key to use when connecting. We are using Ed25519, so this is purely raw bytes, no marshaling.
bytes private_key = 130 [json_name = "private_key"]; // @gotags: `class:"secret"`
@ -262,11 +261,11 @@ message SessionAuthorization {
repeated SessionCredential credentials = 110 [json_name = "credentials"];
}
// The layout of the struct for "credential" field in SessionCredential for a user_password credential type.
// The layout of the struct for "credential" field in SessionCredential for a user_password credential type.
message UserPasswordCredential {
// Username of the credential
string username = 1;
string username = 1; // @gotags: `class:"sensitive"`
// Password of the credential
string password = 2;
string password = 2; // @gotags: `class:"secret"`
}

109
internal/proto/controller/api/services/v1/target_service.proto
Unescape View File

@ -8,6 +8,9 @@ import "protoc-gen-openapiv2/options/annotations.proto";
import "google/api/annotations.proto";
import "google/protobuf/field_mask.proto";
import "controller/api/resources/targets/v1/target.proto";
import "controller/custom_options/v1/options.proto";
option (custom_options.v1.domain) = "target";
service TargetService {
@ -83,7 +86,7 @@ service TargetService {
summary: "Deletes a Target."
};
}
// AuthorizeSession creates authorization information from a given Target.
rpc AuthorizeSession(AuthorizeSessionRequest) returns (AuthorizeSessionResponse) {
option (google.api.http) = {
@ -316,7 +319,7 @@ service TargetService {
}
message GetTargetRequest {
string id = 1;
string id = 1; // @gotags: `class:"public"`
}
message GetTargetResponse {
@ -324,9 +327,9 @@ message GetTargetResponse {
}
message ListTargetsRequest {
string scope_id = 1;
bool recursive = 20 [json_name="recursive"];
string filter = 30 [json_name="filter"];
string scope_id = 1; // @gotags: `class:"public"`
bool recursive = 20 [json_name="recursive"]; // @gotags: `class:"public"`
string filter = 30 [json_name="filter"]; // @gotags: `class:"public"`
}
message ListTargetsResponse {
@ -338,12 +341,12 @@ message CreateTargetRequest {
}
message CreateTargetResponse {
string uri = 1;
string uri = 1; // @gotags: `class:"public"`
resources.targets.v1.Target item = 2;
}
message UpdateTargetRequest {
string id = 1;
string id = 1; // @gotags: `class:"public"`
resources.targets.v1.Target item = 2;
google.protobuf.FieldMask update_mask = 3 [json_name="update_mask"];
}
@ -353,17 +356,17 @@ message UpdateTargetResponse {
}
message DeleteTargetRequest {
string id = 1;
string id = 1; // @gotags: `class:"public"`
}
message DeleteTargetResponse {}
message AddTargetHostSetsRequest {
string id = 1;
string id = 1; // @gotags: `class:"public"`
// Version is used to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
uint32 version = 2;
repeated string host_set_ids = 3 [json_name="host_set_ids"];
uint32 version = 2; // @gotags: `class:"public"`
repeated string host_set_ids = 3 [json_name="host_set_ids"]; // @gotags: `class:"public"`
}
message AddTargetHostSetsResponse {
@ -371,11 +374,11 @@ message AddTargetHostSetsResponse {
}
message SetTargetHostSetsRequest {
string id = 1;
string id = 1; // @gotags: `class:"public"`
// Version is used to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
uint32 version = 2;
repeated string host_set_ids = 3 [json_name="host_set_ids"];
uint32 version = 2; // @gotags: `class:"public"`
repeated string host_set_ids = 3 [json_name="host_set_ids"]; // @gotags: `class:"public"`
}
message SetTargetHostSetsResponse {
@ -383,11 +386,11 @@ message SetTargetHostSetsResponse {
}
message RemoveTargetHostSetsRequest {
string id = 1;
string id = 1; // @gotags: `class:"public"`
// Version is used to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
uint32 version = 2;
repeated string host_set_ids = 3 [json_name="host_set_ids"];
uint32 version = 2; // @gotags: `class:"public"`
repeated string host_set_ids = 3 [json_name="host_set_ids"]; // @gotags: `class:"public"`
}
message RemoveTargetHostSetsResponse {
@ -395,11 +398,11 @@ message RemoveTargetHostSetsResponse {
}
message AddTargetHostSourcesRequest {
string id = 1;
string id = 1; // @gotags: `class:"public"`
// Version is used to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
uint32 version = 2;
repeated string host_source_ids = 3 [json_name="host_source_ids"];
uint32 version = 2; // @gotags: `class:"public"`
repeated string host_source_ids = 3 [json_name="host_source_ids"]; // @gotags: `class:"public"`
}
message AddTargetHostSourcesResponse {
@ -407,11 +410,11 @@ message AddTargetHostSourcesResponse {
}
message SetTargetHostSourcesRequest {
string id = 1;
string id = 1; // @gotags: `class:"public"`
// Version is used to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
uint32 version = 2;
repeated string host_source_ids = 3 [json_name="host_source_ids"];
uint32 version = 2; // @gotags: `class:"public"`
repeated string host_source_ids = 3 [json_name="host_source_ids"]; // @gotags: `class:"public"`
}
message SetTargetHostSourcesResponse {
@ -419,11 +422,11 @@ message SetTargetHostSourcesResponse {
}
message RemoveTargetHostSourcesRequest {
string id = 1;
string id = 1; // @gotags: `class:"public"`
// Version is used to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
uint32 version = 2;
repeated string host_source_ids = 3 [json_name="host_source_ids"];
uint32 version = 2; // @gotags: `class:"public"`
repeated string host_source_ids = 3 [json_name="host_source_ids"]; // @gotags: `class:"public"`
}
message RemoveTargetHostSourcesResponse {
@ -431,11 +434,11 @@ message RemoveTargetHostSourcesResponse {
}
message AddTargetCredentialLibrariesRequest {
string id = 1;
string id = 1; // @gotags: `class:"public"`
// Version is used to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
uint32 version = 2;
repeated string application_credential_library_ids = 3 [json_name="application_credential_library_ids"];
uint32 version = 2; // @gotags: `class:"public"`
repeated string application_credential_library_ids = 3 [json_name="application_credential_library_ids"]; // @gotags: `class:"public"`
}
message AddTargetCredentialLibrariesResponse {
@ -446,11 +449,11 @@ message AddTargetCredentialLibrariesResponse {
// credential_library_id field that is not set in the request will result in
// those fields being cleared.
message SetTargetCredentialLibrariesRequest {
string id = 1;
string id = 1; // @gotags: `class:"public"`
// Version is used to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
uint32 version = 2;
repeated string application_credential_library_ids = 3 [json_name="application_credential_library_ids"];
uint32 version = 2; // @gotags: `class:"public"`
repeated string application_credential_library_ids = 3 [json_name="application_credential_library_ids"]; // @gotags: `class:"public"`
}
message SetTargetCredentialLibrariesResponse {
@ -458,11 +461,11 @@ message SetTargetCredentialLibrariesResponse {
}
message RemoveTargetCredentialLibrariesRequest {
string id = 1;
string id = 1; // @gotags: `class:"public"`
// Version is used to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
uint32 version = 2;
repeated string application_credential_library_ids = 3 [json_name="application_credential_library_ids"];
uint32 version = 2; // @gotags: `class:"public"`
repeated string application_credential_library_ids = 3 [json_name="application_credential_library_ids"]; // @gotags: `class:"public"`
}
message RemoveTargetCredentialLibrariesResponse {
@ -470,12 +473,12 @@ message RemoveTargetCredentialLibrariesResponse {
}
message AddTargetCredentialSourcesRequest {
string id = 1;
string id = 1; // @gotags: `class:"public"`
// Version is used to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
uint32 version = 2;
repeated string application_credential_source_ids = 3 [json_name="application_credential_source_ids"];
repeated string egress_credential_source_ids = 4 [json_name="egress_credential_source_ids"];
uint32 version = 2; // @gotags: `class:"public"`
repeated string application_credential_source_ids = 3 [json_name="application_credential_source_ids"]; // @gotags: `class:"public"`
repeated string egress_credential_source_ids = 4 [json_name="egress_credential_source_ids"]; // @gotags: `class:"public"`
}
message AddTargetCredentialSourcesResponse {
@ -485,12 +488,12 @@ message AddTargetCredentialSourcesResponse {
// Sets the values for credential sources. Any credential_source_id field that
// is not set in the request will result in those fields being cleared.
message SetTargetCredentialSourcesRequest {
string id = 1;
string id = 1; // @gotags: `class:"public"`
// Version is used to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
uint32 version = 2;
repeated string application_credential_source_ids = 3 [json_name="application_credential_source_ids"];
repeated string egress_credential_source_ids = 4 [json_name="egress_credential_source_ids"];
uint32 version = 2; // @gotags: `class:"public"`
repeated string application_credential_source_ids = 3 [json_name="application_credential_source_ids"]; // @gotags: `class:"public"`
repeated string egress_credential_source_ids = 4 [json_name="egress_credential_source_ids"]; // @gotags: `class:"public"`
}
message SetTargetCredentialSourcesResponse {
@ -498,12 +501,12 @@ message SetTargetCredentialSourcesResponse {
}
message RemoveTargetCredentialSourcesRequest {
string id = 1;
string id = 1; // @gotags: `class:"public"`
// Version is used to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
uint32 version = 2;
repeated string application_credential_source_ids = 3 [json_name="application_credential_source_id"];
repeated string egress_credential_source_ids = 4 [json_name="egress_credential_source_ids"];
uint32 version = 2; // @gotags: `class:"public"`
repeated string application_credential_source_ids = 3 [json_name="application_credential_source_id"]; // @gotags: `class:"public"`
repeated string egress_credential_source_ids = 4 [json_name="egress_credential_source_ids"]; // @gotags: `class:"public"`
}
message RemoveTargetCredentialSourcesResponse {
@ -512,19 +515,19 @@ message RemoveTargetCredentialSourcesResponse {
message AuthorizeSessionRequest {
// The ID of the target. Required unless some combination of scope_id/scope_name and name are set.
string id = 1;
string id = 1; // @gotags: `class:"public"`
// The name of the target. When using this, scope_id or scope_name must be set.
string name = 3;
string name = 3; // @gotags: `class:"public"`
// The scope ID containing the target, if specifying the target by name.
string scope_id = 4;
string scope_id = 4; // @gotags: `class:"public"`
// The scope name containing the target, if specifying the target by name.
string scope_name = 5;
string scope_name = 5; // @gotags: `class:"public"`
// An optional parameter allowing specification of the particular Host within the Target's configured Host Sets to connect to during this Session.
string host_id = 2 [json_name="host_id"];
string host_id = 2 [json_name="host_id"]; // @gotags: `class:"public"`
}
message AuthorizeSessionResponse {

5
internal/servers/controller/handlers/targets/target_service.go
Unescape View File

@ -48,6 +48,7 @@ import (
const (
credentialDomain = "credential"
hostDomain = "host"
)
var (
@ -969,7 +970,7 @@ func (s Service) AuthorizeSession(ctx context.Context, req *pbs.AuthorizeSession
for _, hSource := range hostSources {
hsId := hSource.Id()
// FIXME: read in type from DB rather than rely on prefix
switch subtypes.SubtypeFromId("host", hsId) {
switch subtypes.SubtypeFromId(hostDomain, hsId) {
case static.Subtype:
eps, err := staticHostRepo.Endpoints(ctx, hsId)
if err != nil {
@ -2108,7 +2109,7 @@ func validateAuthorizeSessionRequest(req *pbs.AuthorizeSessionRequest) error {
}
}
if req.GetHostId() != "" {
switch subtypes.SubtypeFromId("host", req.GetHostId()) {
switch subtypes.SubtypeFromId(hostDomain, req.GetHostId()) {
case static.Subtype, plugin.Subtype:
default:
badFields[globals.HostIdField] = "Incorrectly formatted identifier."

353
internal/tests/api/targets/classification_test.go
Unescape View File

@ -0,0 +1,353 @@
package targets_test
import (
"context"
"encoding/json"
"testing"
"time"
pbs "github.com/hashicorp/boundary/internal/gen/controller/api/services"
"github.com/hashicorp/boundary/sdk/pbs/controller/api"
"github.com/hashicorp/boundary/sdk/pbs/controller/api/resources/scopes"
pb "github.com/hashicorp/boundary/sdk/pbs/controller/api/resources/targets"
"github.com/hashicorp/boundary/sdk/wrapper"
"github.com/hashicorp/eventlogger"
"github.com/hashicorp/eventlogger/filters/encrypt"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"google.golang.org/protobuf/types/known/structpb"
"google.golang.org/protobuf/types/known/timestamppb"
"google.golang.org/protobuf/types/known/wrapperspb"
)
func TestTargets(t *testing.T) {
ctx := context.Background()
now := time.Now()
pbNow := timestamppb.Now()
wrapper := wrapper.TestWrapper(t)
testEncryptingFilter := api.NewEncryptFilter(t, wrapper)
tests := []struct {
name string
in *eventlogger.Event
want *eventlogger.Event
}{
{
name: "target",
in: &eventlogger.Event{
Type: "test",
CreatedAt: now,
Payload: &pb.Target{
Id: "id",
ScopeId: "scope-id",
Scope: &scopes.ScopeInfo{
Id: "id",
Type: "type",
Name: "name",
Description: "description",
ParentScopeId: "parent-scope-id",
},
Name: &wrapperspb.StringValue{Value: "name"},
Description: &wrapperspb.StringValue{Value: "description"},
CreatedTime: pbNow,
UpdatedTime: pbNow,
Version: 0,
Type: "type",
HostSetIds: []string{
"host-set-id",
},
HostSets: []*pb.HostSet{
{
Id: "id",
HostCatalogId: "host-catalog-id",
},
},
HostSourceIds: []string{
"host-source-id",
},
HostSources: []*pb.HostSource{
{
Id: "id",
HostCatalogId: "host-catalog-id",
},
},
SessionMaxSeconds: &wrapperspb.UInt32Value{Value: 0},
SessionConnectionLimit: &wrapperspb.Int32Value{Value: 0},
WorkerFilter: &wrapperspb.StringValue{Value: "worker-filter"},
ApplicationCredentialLibraryIds: []string{"application-credential-library-id"},
ApplicationCredentialLibraries: []*pb.CredentialLibrary{
{
Id: "id",
Name: "name",
Description: "description",
CredentialStoreId: "credential-store-id",
Type: "type",
},
},
ApplicationCredentialSourceIds: []string{"application-credential-source-id"},
ApplicationCredentialSources: []*pb.CredentialSource{
{
Id: "id",
Name: "name",
Description: "description",
CredentialStoreId: "credential-store-id",
Type: "type",
CredentialType: "credential-type",
},
},
EgressCredentialSourceIds: []string{"egress-credential-source-id"},
EgressCredentialSources: []*pb.CredentialSource{
{
Id: "id",
Name: "name",
Description: "description",
CredentialStoreId: "credential-store-id",
Type: "type",
CredentialType: "credential-type",
},
},
Attrs: &pb.Target_TcpTargetAttributes{
TcpTargetAttributes: &pb.TcpTargetAttributes{
DefaultPort: &wrapperspb.UInt32Value{Value: 26},
},
},
AuthorizedActions: []string{"action-1"},
},
},
want: &eventlogger.Event{
Type: "test",
CreatedAt: now,
Payload: &pb.Target{
Id: "id",
ScopeId: "scope-id",
Scope: &scopes.ScopeInfo{
Id: "id",
Type: "type",
Name: "name",
Description: "description",
ParentScopeId: "parent-scope-id",
},
Name: &wrapperspb.StringValue{Value: "name"},
Description: &wrapperspb.StringValue{Value: "description"},
CreatedTime: pbNow,
UpdatedTime: pbNow,
Version: 0,
Type: "type",
HostSetIds: []string{
"host-set-id",
},
HostSets: []*pb.HostSet{
{
Id: "id",
HostCatalogId: "host-catalog-id",
},
},
HostSourceIds: []string{
"host-source-id",
},
HostSources: []*pb.HostSource{
{
Id: "id",
HostCatalogId: "host-catalog-id",
},
},
SessionMaxSeconds: &wrapperspb.UInt32Value{Value: 0},
SessionConnectionLimit: &wrapperspb.Int32Value{Value: 0},
WorkerFilter: &wrapperspb.StringValue{Value: "worker-filter"},
ApplicationCredentialLibraryIds: []string{"application-credential-library-id"},
ApplicationCredentialLibraries: []*pb.CredentialLibrary{
{
Id: "id",
Name: "name",
Description: "description",
CredentialStoreId: "credential-store-id",
Type: "type",
},
},
ApplicationCredentialSourceIds: []string{"application-credential-source-id"},
ApplicationCredentialSources: []*pb.CredentialSource{
{
Id: "id",
Name: "name",
Description: "description",
CredentialStoreId: "credential-store-id",
Type: "type",
CredentialType: "credential-type",
},
},
EgressCredentialSourceIds: []string{"egress-credential-source-id"},
EgressCredentialSources: []*pb.CredentialSource{
{
Id: "id",
Name: "name",
Description: "description",
CredentialStoreId: "credential-store-id",
Type: "type",
CredentialType: "credential-type",
},
},
Attrs: &pb.Target_TcpTargetAttributes{
TcpTargetAttributes: &pb.TcpTargetAttributes{
DefaultPort: &wrapperspb.UInt32Value{Value: 26},
},
},
AuthorizedActions: []string{"action-1"},
},
},
},
{
name: "authorize-session-request",
in: &eventlogger.Event{
Type: "test",
CreatedAt: now,
Payload: &pbs.AuthorizeSessionRequest{
Id: "id",
Name: "name",
ScopeId: "scope-id",
ScopeName: "scope-name",
HostId: "host-id",
},
},
want: &eventlogger.Event{
Type: "test",
CreatedAt: now,
Payload: &pbs.AuthorizeSessionRequest{
Id: "id",
Name: "name",
ScopeId: "scope-id",
ScopeName: "scope-name",
HostId: "host-id",
},
},
},
{
name: "authorize-session-response",
in: &eventlogger.Event{
Type: "test",
CreatedAt: now,
Payload: &pbs.AuthorizeSessionResponse{
Item: &pb.SessionAuthorization{
SessionId: "session-id",
TargetId: "target-id",
Scope: &scopes.ScopeInfo{
Id: "id",
Type: "type",
Name: "name",
Description: "description",
ParentScopeId: "parent-scope-id",
},
CreatedTime: pbNow,
UserId: "user-id",
HostSetId: "host-set-id",
HostId: "host-id",
Type: "type",
AuthorizationToken: "authorization-token",
Endpoint: "endpoint",
Credentials: []*pb.SessionCredential{
{
CredentialSource: &pb.CredentialSource{
Id: "id",
Name: "name",
Description: "description",
CredentialStoreId: "credential-store-id",
Type: "type",
CredentialType: "credential-type",
},
CredentialLibrary: &pb.CredentialLibrary{
Id: "id",
Name: "name",
Description: "description",
CredentialStoreId: "credential-store-id",
Type: "type",
},
Secret: &pb.SessionSecret{
Raw: "raw-secrets",
Decoded: &structpb.Struct{
Fields: map[string]*structpb.Value{
"key1": structpb.NewStringValue("value-1"),
},
},
},
Credential: &structpb.Struct{
Fields: map[string]*structpb.Value{
"key1": structpb.NewStringValue("value-1"),
},
},
},
},
},
},
},
want: &eventlogger.Event{
Type: "test",
CreatedAt: now,
Payload: &pbs.AuthorizeSessionResponse{
Item: &pb.SessionAuthorization{
SessionId: "session-id",
TargetId: "target-id",
Scope: &scopes.ScopeInfo{
Id: "id",
Type: "type",
Name: "name",
Description: "description",
ParentScopeId: "parent-scope-id",
},
CreatedTime: pbNow,
UserId: "user-id",
HostSetId: "host-set-id",
HostId: "host-id",
Type: "type",
AuthorizationToken: encrypt.RedactedData,
Endpoint: "endpoint",
Credentials: []*pb.SessionCredential{
{
CredentialSource: &pb.CredentialSource{
Id: "id",
Name: "name",
Description: "description",
CredentialStoreId: "credential-store-id",
Type: "type",
CredentialType: "credential-type",
},
CredentialLibrary: &pb.CredentialLibrary{
Id: "id",
Name: "name",
Description: "description",
CredentialStoreId: "credential-store-id",
Type: "type",
},
Secret: &pb.SessionSecret{
Raw: encrypt.RedactedData,
Decoded: &structpb.Struct{
Fields: map[string]*structpb.Value{
"key1": structpb.NewStringValue(encrypt.RedactedData),
},
},
},
Credential: &structpb.Struct{
Fields: map[string]*structpb.Value{
"key1": structpb.NewStringValue(encrypt.RedactedData),
},
},
},
},
},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
assert, require := assert.New(t), require.New(t)
got, err := testEncryptingFilter.Process(ctx, tt.in)
require.NoError(err)
require.NotNil(got)
gotJSON, err := json.Marshal(got)
require.NoError(err)
wantJSON, err := json.Marshal(tt.want)
require.NoError(err)
assert.JSONEq(string(wantJSON), string(gotJSON))
})
}
}

83
sdk/pbs/controller/api/resources/targets/target.pb.go
Unescape View File

@ -32,9 +32,9 @@ type HostSource struct {
unknownFields protoimpl.UnknownFields
// Output only. The ID of the Host Set.
Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty"`
Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The Host Catalog to which this Host Source belongs.
HostCatalogId string `protobuf:"bytes,20,opt,name=host_catalog_id,proto3" json:"host_catalog_id,omitempty"`
HostCatalogId string `protobuf:"bytes,20,opt,name=host_catalog_id,proto3" json:"host_catalog_id,omitempty" class:"public"` // @gotags: `class:"public"`
}
func (x *HostSource) Reset() {
@ -89,9 +89,9 @@ type HostSet struct {
unknownFields protoimpl.UnknownFields
// Output only. The ID of the Host Set.
Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty"`
Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The Host Catalog to which this Host Set belongs.
HostCatalogId string `protobuf:"bytes,20,opt,name=host_catalog_id,proto3" json:"host_catalog_id,omitempty"`
HostCatalogId string `protobuf:"bytes,20,opt,name=host_catalog_id,proto3" json:"host_catalog_id,omitempty" class:"public"` // @gotags: `class:"public"`
}
func (x *HostSet) Reset() {
@ -146,17 +146,17 @@ type CredentialSource struct {
unknownFields protoimpl.UnknownFields
// The ID of the Credential. May be empty if the credential is dynamically generated from a library.
Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty"`
Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The name of the Credential source.
Name string `protobuf:"bytes,20,opt,name=name,proto3" json:"name,omitempty"`
Name string `protobuf:"bytes,20,opt,name=name,proto3" json:"name,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The description of the Credential source.
Description string `protobuf:"bytes,30,opt,name=description,proto3" json:"description,omitempty"`
Description string `protobuf:"bytes,30,opt,name=description,proto3" json:"description,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The Credential Store to which this Credential source belongs.
CredentialStoreId string `protobuf:"bytes,40,opt,name=credential_store_id,proto3" json:"credential_store_id,omitempty"`
CredentialStoreId string `protobuf:"bytes,40,opt,name=credential_store_id,proto3" json:"credential_store_id,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
Type string `protobuf:"bytes,60,opt,name=type,proto3" json:"type,omitempty"`
Type string `protobuf:"bytes,60,opt,name=type,proto3" json:"type,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The type of the credential, empty if unspecified.
CredentialType string `protobuf:"bytes,70,opt,name=credential_type,json=credentialType,proto3" json:"credential_type,omitempty"`
CredentialType string `protobuf:"bytes,70,opt,name=credential_type,json=credentialType,proto3" json:"credential_type,omitempty" class:"public"` // @gotags: `class:"public"`
}
func (x *CredentialSource) Reset() {
@ -239,15 +239,15 @@ type CredentialLibrary struct {
unknownFields protoimpl.UnknownFields
// The ID of the Credential Library.
Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty"`
Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The name of the Credential Library.
Name string `protobuf:"bytes,20,opt,name=name,proto3" json:"name,omitempty"`
Name string `protobuf:"bytes,20,opt,name=name,proto3" json:"name,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The description of the Credential Library.
Description string `protobuf:"bytes,30,opt,name=description,proto3" json:"description,omitempty"`
Description string `protobuf:"bytes,30,opt,name=description,proto3" json:"description,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The Credential Store to which this Credential Library belongs.
CredentialStoreId string `protobuf:"bytes,40,opt,name=credential_store_id,proto3" json:"credential_store_id,omitempty"`
CredentialStoreId string `protobuf:"bytes,40,opt,name=credential_store_id,proto3" json:"credential_store_id,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The type of the credential library.
Type string `protobuf:"bytes,60,opt,name=type,proto3" json:"type,omitempty"`
Type string `protobuf:"bytes,60,opt,name=type,proto3" json:"type,omitempty" class:"public"` // @gotags: `class:"public"`
}
func (x *CredentialLibrary) Reset() {
@ -325,7 +325,7 @@ type SessionSecret struct {
// Output only. The base64-encoded value representing the raw bytes from the
// credential provider.
Raw string `protobuf:"bytes,10,opt,name=raw,proto3" json:"raw,omitempty"`
Raw string `protobuf:"bytes,10,opt,name=raw,proto3" json:"raw,omitempty" class:"secret"` // @gotags: `class:"secret"`
// Output only. The decoded raw string, if a JSON object.
Decoded *structpb.Struct `protobuf:"bytes,20,opt,name=decoded,proto3" json:"decoded,omitempty"`
}
@ -463,52 +463,52 @@ type Target struct {
unknownFields protoimpl.UnknownFields
// Output only. The ID of the resource.
Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty"`
Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"`
// The Scope of of this resource. This must be defined for creation of this resource, but is otherwise output only.
ScopeId string `protobuf:"bytes,20,opt,name=scope_id,proto3" json:"scope_id,omitempty"`
ScopeId string `protobuf:"bytes,20,opt,name=scope_id,proto3" json:"scope_id,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. Scope information for this resource.
Scope *scopes.ScopeInfo `protobuf:"bytes,30,opt,name=scope,proto3" json:"scope,omitempty"`
// Required name for identification purposes.
Name *wrapperspb.StringValue `protobuf:"bytes,40,opt,name=name,proto3" json:"name,omitempty"`
Name *wrapperspb.StringValue `protobuf:"bytes,40,opt,name=name,proto3" json:"name,omitempty" class:"public"` // @gotags: `class:"public"`
// Optional user-set description for identification purposes.
Description *wrapperspb.StringValue `protobuf:"bytes,50,opt,name=description,proto3" json:"description,omitempty"`
Description *wrapperspb.StringValue `protobuf:"bytes,50,opt,name=description,proto3" json:"description,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The time this resource was created.
CreatedTime *timestamppb.Timestamp `protobuf:"bytes,60,opt,name=created_time,proto3" json:"created_time,omitempty"`
CreatedTime *timestamppb.Timestamp `protobuf:"bytes,60,opt,name=created_time,proto3" json:"created_time,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The time this resource was last updated.
UpdatedTime *timestamppb.Timestamp `protobuf:"bytes,70,opt,name=updated_time,proto3" json:"updated_time,omitempty"`
UpdatedTime *timestamppb.Timestamp `protobuf:"bytes,70,opt,name=updated_time,proto3" json:"updated_time,omitempty" class:"public"` // @gotags: `class:"public"`
// Version is used in mutation requests, after the initial creation, to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
Version uint32 `protobuf:"varint,80,opt,name=version,proto3" json:"version,omitempty"`
Version uint32 `protobuf:"varint,80,opt,name=version,proto3" json:"version,omitempty" class:"public"` // @gotags: `class:"public"`
// The type of the Target.
Type string `protobuf:"bytes,90,opt,name=type,proto3" json:"type,omitempty"`
Type string `protobuf:"bytes,90,opt,name=type,proto3" json:"type,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The IDs of the Host Sets associated with this Target.
HostSetIds []string `protobuf:"bytes,100,rep,name=host_set_ids,proto3" json:"host_set_ids,omitempty"`
HostSetIds []string `protobuf:"bytes,100,rep,name=host_set_ids,proto3" json:"host_set_ids,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The Host Sets associated with this Target.
HostSets []*HostSet `protobuf:"bytes,110,rep,name=host_sets,proto3" json:"host_sets,omitempty"`
// Output only. The IDs of the Host Sources associated with this Target.
HostSourceIds []string `protobuf:"bytes,420,rep,name=host_source_ids,proto3" json:"host_source_ids,omitempty"`
HostSourceIds []string `protobuf:"bytes,420,rep,name=host_source_ids,proto3" json:"host_source_ids,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The Host Sources associated with this Target.
HostSources []*HostSource `protobuf:"bytes,430,rep,name=host_sources,proto3" json:"host_sources,omitempty"`
// Maximum total lifetime of a created Session, in seconds.
SessionMaxSeconds *wrapperspb.UInt32Value `protobuf:"bytes,120,opt,name=session_max_seconds,proto3" json:"session_max_seconds,omitempty"`
SessionMaxSeconds *wrapperspb.UInt32Value `protobuf:"bytes,120,opt,name=session_max_seconds,proto3" json:"session_max_seconds,omitempty" class:"public"` // @gotags: `class:"public"`
// Maximum number of connections allowed in a Session. Unlimited is indicated by the value -1.
SessionConnectionLimit *wrapperspb.Int32Value `protobuf:"bytes,130,opt,name=session_connection_limit,proto3" json:"session_connection_limit,omitempty"`
SessionConnectionLimit *wrapperspb.Int32Value `protobuf:"bytes,130,opt,name=session_connection_limit,proto3" json:"session_connection_limit,omitempty" class:"public"` // @gotags: `class:"public"`
// Optional boolean expression to filter the workers that are allowed to satisfy this request.
WorkerFilter *wrapperspb.StringValue `protobuf:"bytes,140,opt,name=worker_filter,proto3" json:"worker_filter,omitempty"`
WorkerFilter *wrapperspb.StringValue `protobuf:"bytes,140,opt,name=worker_filter,proto3" json:"worker_filter,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The IDs of the application credential library ids associated with this Target. Deprecated: use application_credential_source_ids instead.
//
// Deprecated: Do not use.
ApplicationCredentialLibraryIds []string `protobuf:"bytes,150,rep,name=application_credential_library_ids,proto3" json:"application_credential_library_ids,omitempty"`
ApplicationCredentialLibraryIds []string `protobuf:"bytes,150,rep,name=application_credential_library_ids,proto3" json:"application_credential_library_ids,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The application credential libraries associated with this Target. Deprecated: use application_credential_sources instead.
//
// Deprecated: Do not use.
ApplicationCredentialLibraries []*CredentialLibrary `protobuf:"bytes,180,rep,name=application_credential_libraries,proto3" json:"application_credential_libraries,omitempty"`
// Output only. The IDs of the application credential source ids associated with this Target.
ApplicationCredentialSourceIds []string `protobuf:"bytes,400,rep,name=application_credential_source_ids,proto3" json:"application_credential_source_ids,omitempty"`
ApplicationCredentialSourceIds []string `protobuf:"bytes,400,rep,name=application_credential_source_ids,proto3" json:"application_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The application credential sources associated with this Target.
ApplicationCredentialSources []*CredentialSource `protobuf:"bytes,410,rep,name=application_credential_sources,proto3" json:"application_credential_sources,omitempty"`
// Output only. The IDs of the egress credential source ids associated with this Target.
EgressCredentialSourceIds []string `protobuf:"bytes,500,rep,name=egress_credential_source_ids,proto3" json:"egress_credential_source_ids,omitempty"`
EgressCredentialSourceIds []string `protobuf:"bytes,500,rep,name=egress_credential_source_ids,proto3" json:"egress_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"`
// Output only. The egress credential sources associated with this Target.
EgressCredentialSources []*CredentialSource `protobuf:"bytes,510,rep,name=egress_credential_sources,proto3" json:"egress_credential_sources,omitempty"`
// Types that are assignable to Attrs:
@ -516,7 +516,7 @@ type Target struct {
// *Target_TcpTargetAttributes
Attrs isTarget_Attrs `protobuf_oneof:"attrs"`
// Output only. The available actions on this resource for this user.
AuthorizedActions []string `protobuf:"bytes,300,rep,name=authorized_actions,proto3" json:"authorized_actions,omitempty"`
AuthorizedActions []string `protobuf:"bytes,300,rep,name=authorized_actions,proto3" json:"authorized_actions,omitempty" class:"public"` // @gotags: `class:"public"`
}
func (x *Target) Reset() {
@ -759,7 +759,7 @@ type TcpTargetAttributes struct {
unknownFields protoimpl.UnknownFields
// The default TCP port that will be used when connecting to the endpoint unless overridden by a Host Set or Host.
DefaultPort *wrapperspb.UInt32Value `protobuf:"bytes,10,opt,name=default_port,proto3" json:"default_port,omitempty"`
DefaultPort *wrapperspb.UInt32Value `protobuf:"bytes,10,opt,name=default_port,proto3" json:"default_port,omitempty" class:"public"` // @gotags: `class:"public"`
}
func (x *TcpTargetAttributes) Reset() {
@ -869,7 +869,7 @@ type SessionAuthorizationData struct {
// Output only. The connection limit being applied to this session. -1 means unlimited. This is not actually enforced on the client side but it provides for better listener handling by including it.
ConnectionLimit int32 `protobuf:"varint,90,opt,name=connection_limit,proto3" json:"connection_limit,omitempty"`
// Output only. The certificate to use when connecting. Raw DER bytes.
Certificate []byte `protobuf:"bytes,120,opt,name=certificate,proto3" json:"certificate,omitempty" class:"secret"` // @gotags: `class:"secret"`
Certificate []byte `protobuf:"bytes,120,opt,name=certificate,proto3" json:"certificate,omitempty" class:"sensitive"` // @gotags: `class:"sensitive"`
// Output only. The private key to use when connecting. We are using Ed25519, so this is purely raw bytes, no marshaling.
PrivateKey []byte `protobuf:"bytes,130,opt,name=private_key,proto3" json:"private_key,omitempty" class:"secret"` // @gotags: `class:"secret"`
// Output only. The host ID...not used for security purposes, but for some special command handling (e.g. ssh host key aliasing).
@ -1135,9 +1135,9 @@ type UserPasswordCredential struct {
unknownFields protoimpl.UnknownFields
// Username of the credential
Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty" class:"sensitive"` // @gotags: `class:"sensitive"`
// Password of the credential
Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty" class:"secret"` // @gotags: `class:"secret"`
}
func (x *UserPasswordCredential) Reset() {
@ -1267,7 +1267,7 @@ var file_controller_api_resources_targets_v1_target_proto_rawDesc = []byte{
0x37, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x18, 0x28, 0x20,
0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x0a, 0x63, 0x72,
0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x22, 0xd9, 0x0f, 0x0a, 0x06, 0x54, 0x61, 0x72,
0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x22, 0xc9, 0x0f, 0x0a, 0x06, 0x54, 0x61, 0x72,
0x67, 0x65, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52,
0x02, 0x69, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x5f, 0x69, 0x64, 0x18,
0x14, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x5f, 0x69, 0x64, 0x12,
@ -1374,12 +1374,11 @@ var file_controller_api_resources_targets_v1_target_proto_rawDesc = []byte{
0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e,
0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75,
0x72, 0x63, 0x65, 0x52, 0x19, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x63, 0x72, 0x65, 0x64,
0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x5b,
0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x4b,
0x0a, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0xc8, 0x01, 0x20,
0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x42, 0x1f, 0xa0, 0xda,
0x29, 0x01, 0x9a, 0xe3, 0x29, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0xfa, 0xd2, 0xe4,
0x93, 0x02, 0x0a, 0x12, 0x08, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x48, 0x00, 0x52,
0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x42, 0x0f, 0xa0, 0xda,
0x29, 0x01, 0x9a, 0xe3, 0x29, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x48, 0x00, 0x52,
0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x8c, 0x01, 0x0a, 0x15,
0x74, 0x63, 0x70, 0x5f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69,
0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0xc9, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x63,

Write Preview
Loading…
Cancel
Save