feat(account): Add gotags classification

Add gotag classification to all account proto and service definitions.
4 years ago · 6e6efeee71
parent ac5a1acca8
commit 6e6efeee71
5 changed files with 60 additions and 58 deletions
--- a/2
+++ b/2
@ -156,6 +156,8 @@ protobuild:
 	@protoc-go-inject-tag -input=./sdk/pbs/controller/api/resources/scopes/scope.pb.go
 	@protoc-go-inject-tag -input=./internal/gen/controller/servers/services/session_service.pb.go
 	@protoc-go-inject-tag -input=./sdk/pbs/controller/api/resources/targets/target.pb.go
+	@protoc-go-inject-tag -input=./sdk/pbs/controller/api/resources/accounts/account.pb.go
+	@protoc-go-inject-tag -input=./internal/gen/controller/api/services/account_service.pb.go

 	# these protos, services and openapi artifacts are purely for testing purposes
 	@protoc-go-inject-tag -input=./internal/gen/testing/event/event.pb.go
--- a/internal/gen/controller/api/services/account_service.pb.go
+++ b/internal/gen/controller/api/services/account_service.pb.go
@ -29,7 +29,7 @@ type GetAccountRequest struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields

-	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"`
 }

 func (x *GetAccountRequest) Reset() {
@ -123,8 +123,8 @@ type ListAccountsRequest struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields

-	AuthMethodId string `protobuf:"bytes,1,opt,name=auth_method_id,proto3" json:"auth_method_id,omitempty"`
-	Filter       string `protobuf:"bytes,30,opt,name=filter,proto3" json:"filter,omitempty"`
+	AuthMethodId string `protobuf:"bytes,1,opt,name=auth_method_id,proto3" json:"auth_method_id,omitempty" class:"public"` // @gotags: `class:"public"`
+	Filter       string `protobuf:"bytes,30,opt,name=filter,proto3" json:"filter,omitempty" class:"sensitive"`                // @gotags: `class:"sensitive"`
 }

 func (x *ListAccountsRequest) Reset() {
@ -272,7 +272,7 @@ type CreateAccountResponse struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields

-	Uri  string            `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"`
+	Uri  string            `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty" class:"public"` // @gotags: `class:"public"`
 	Item *accounts.Account `protobuf:"bytes,2,opt,name=item,proto3" json:"item,omitempty"`
 }

@ -327,7 +327,7 @@ type UpdateAccountRequest struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields

-	Id         string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Id         string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"`
 	Item       *accounts.Account      `protobuf:"bytes,2,opt,name=item,proto3" json:"item,omitempty"`
 	UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,3,opt,name=update_mask,proto3" json:"update_mask,omitempty"`
 }
@ -437,7 +437,7 @@ type DeleteAccountRequest struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields

-	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"`
 }

 func (x *DeleteAccountRequest) Reset() {
@ -522,11 +522,11 @@ type SetPasswordRequest struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields

-	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"`
 	// Version is used to ensure this resource has not changed.
 	// The mutation will fail if the version does not match the latest known good version.
-	Version  uint32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty"`
-	Password string `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"`
+	Version  uint32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty" class:"public"`  // @gotags: `class:"public"`
+	Password string `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty" class:"secret"` // @gotags: `class:"secret"`
 }

 func (x *SetPasswordRequest) Reset() {
@ -634,12 +634,12 @@ type ChangePasswordRequest struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields

-	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"`
 	// Version is used to ensure this resource has not changed.
 	// The mutation will fail if the version does not match the latest known good version.
-	Version         uint32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty"`
-	CurrentPassword string `protobuf:"bytes,3,opt,name=current_password,proto3" json:"current_password,omitempty"`
-	NewPassword     string `protobuf:"bytes,4,opt,name=new_password,proto3" json:"new_password,omitempty"`
+	Version         uint32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty" class:"public"`                  // @gotags: `class:"public"`
+	CurrentPassword string `protobuf:"bytes,3,opt,name=current_password,proto3" json:"current_password,omitempty" class:"secret"` // @gotags: `class:"secret"`
+	NewPassword     string `protobuf:"bytes,4,opt,name=new_password,proto3" json:"new_password,omitempty" class:"secret"`         // @gotags: `class:"secret"`
 }

 func (x *ChangePasswordRequest) Reset() {
--- a/internal/proto/controller/api/resources/accounts/v1/account.proto
+++ b/internal/proto/controller/api/resources/accounts/v1/account.proto
@ -14,32 +14,32 @@ import "controller/custom_options/v1/options.proto";
 // Account contains all fields related to an Account resource
 message Account {
 	// Output only. The ID of the Account.
-	string id = 10;
+	string id = 10;  // @gotags: `class:"public"`

 	// Output only. Scope information for the Account.
 	resources.scopes.v1.ScopeInfo scope = 20;

 	// Optional name for identification purposes.
-	google.protobuf.StringValue name = 30 [(custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = {this:"name" that: "Name"}];
+	google.protobuf.StringValue name = 30 [(custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = {this:"name" that: "Name"}];  // @gotags: `class:"public"`

 	// Optional user-set description for identification purposes.
-	google.protobuf.StringValue description = 40 [(custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = {this:"description" that: "Description"}];
+	google.protobuf.StringValue description = 40 [(custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = {this:"description" that: "Description"}];  // @gotags: `class:"public"`

 	// Output only. The time this resource was created.
-	google.protobuf.Timestamp created_time = 50 [json_name="created_time"];
+	google.protobuf.Timestamp created_time = 50 [json_name="created_time"];  // @gotags: `class:"public"`

 	// Output only. The time this resource was last updated.
-	google.protobuf.Timestamp updated_time = 60 [json_name="updated_time"];
+	google.protobuf.Timestamp updated_time = 60 [json_name="updated_time"];  // @gotags: `class:"public"`

 	// Version is used in mutation requests, after the initial creation, to ensure this resource has not changed.
 	// The mutation will fail if the version does not match the latest known good version.
-	uint32 version = 70;
+	uint32 version = 70;  // @gotags: `class:"public"`

 	// The type of this Account.
-	string type = 80;
+	string type = 80;  // @gotags: `class:"public"`

 	// The ID of the Auth Method that is associated with this Account.
-	string auth_method_id = 90 [json_name="auth_method_id"];
+	string auth_method_id = 90 [json_name="auth_method_id"];  // @gotags: `class:"public"`

 	oneof attrs {
 		// The attributes that are applicable for the specific Account type.
@ -57,36 +57,36 @@ message Account {
 	}

 	// Output only. managed_group_ids indicates IDs of the managed groups that currently contain this account
-	repeated string managed_group_ids = 110 [json_name="managed_group_ids"];
+	repeated string managed_group_ids = 110 [json_name="managed_group_ids"];  // @gotags: `class:"public"`

 	// Output only. The available actions on this resource for this user.
-	repeated string authorized_actions = 300 [json_name="authorized_actions"];
+	repeated string authorized_actions = 300 [json_name="authorized_actions"];  // @gotags: `class:"public"`
 }

 // Attributes associated only with Accounts with type "password".
 message PasswordAccountAttributes {
 	// The login name of this Account. This is unique per Auth Method.
-	string login_name = 10 [json_name="login_name", (custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = {this:"attributes.login_name" that: "LoginName"}];
+	string login_name = 10 [json_name="login_name", (custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = {this:"attributes.login_name" that: "LoginName"}];  // @gotags: `class:"sensitive"`

 	// The password for this Account.
-	google.protobuf.StringValue password = 20 [(custom_options.v1.generate_sdk_option) = true];
+	google.protobuf.StringValue password = 20 [(custom_options.v1.generate_sdk_option) = true];  // @gotags: `class:"secret"`
 }

 // Attributes associated only with Accounts with type "oidc".
 message OidcAccountAttributes {
 	// issuer is a case sensitive URL that maps to the OIDC iss claim.
 	// This value is immutable after creation time.
-	string issuer = 80 [json_name="issuer", (custom_options.v1.generate_sdk_option) = true];
+	string issuer = 80 [json_name="issuer", (custom_options.v1.generate_sdk_option) = true];  // @gotags: `class:"public"`

 	// subject is a case sensitive string that maps to the OIDC sub claim.
 	// This value is immutable after creation time.
-	string subject = 90 [json_name="subject", (custom_options.v1.generate_sdk_option) = true];
+	string subject = 90 [json_name="subject", (custom_options.v1.generate_sdk_option) = true];  // @gotags: `class:"public"`

 	// Output only. full_name is a string that maps to the OIDC name claim.
-	string full_name = 100 [json_name="full_name"];
+	string full_name = 100 [json_name="full_name"];  // @gotags: `class:"public"`

 	// Output only. email is a string that maps to the OIDC email claim.
-	string email = 110;
+	string email = 110;  // @gotags: `class:"public"`

 	// Output only. token_claims are the marshaled claims from the token.
 	google.protobuf.Struct token_claims = 120;
--- a/internal/proto/controller/api/services/v1/account_service.proto
+++ b/internal/proto/controller/api/services/v1/account_service.proto
@ -114,7 +114,7 @@ service AccountService {
 }

 message GetAccountRequest {
-  string id = 1;
+  string id = 1;  // @gotags: `class:"public"`
 }

 message GetAccountResponse {
@ -122,8 +122,8 @@ message GetAccountResponse {
 }

 message ListAccountsRequest {
-  string auth_method_id = 1 [json_name="auth_method_id"];
-  string filter = 30 [json_name="filter"];
+  string auth_method_id = 1 [json_name="auth_method_id"];  // @gotags: `class:"public"`
+  string filter = 30 [json_name="filter"];  // @gotags: `class:"sensitive"`
 }

 message ListAccountsResponse {
@ -135,12 +135,12 @@ message CreateAccountRequest {
 }

 message CreateAccountResponse {
-  string uri = 1;
+  string uri = 1;  // @gotags: `class:"public"`
  resources.accounts.v1.Account item = 2;
 }

 message UpdateAccountRequest {
-  string id = 1;
+  string id = 1;  // @gotags: `class:"public"`
  resources.accounts.v1.Account item = 2;
  google.protobuf.FieldMask update_mask = 3 [json_name="update_mask"];
 }
@ -150,17 +150,17 @@ message UpdateAccountResponse {
 }

 message DeleteAccountRequest {
-  string id = 1;
+  string id = 1;  // @gotags: `class:"public"`
 }

 message DeleteAccountResponse {}

 message SetPasswordRequest {
-  string id = 1;
+  string id = 1;  // @gotags: `class:"public"`
  // Version is used to ensure this resource has not changed.
  // The mutation will fail if the version does not match the latest known good version.
-  uint32 version = 2;
-  string password = 3;
+  uint32 version = 2;  // @gotags: `class:"public"`
+  string password = 3;  // @gotags: `class:"secret"`
 }

 message SetPasswordResponse {
@ -168,12 +168,12 @@ message SetPasswordResponse {
 }

 message ChangePasswordRequest {
-  string id = 1;
+  string id = 1;  // @gotags: `class:"public"`
  // Version is used to ensure this resource has not changed.
  // The mutation will fail if the version does not match the latest known good version.
-  uint32 version = 2;
-  string current_password = 3 [json_name="current_password"];
-  string new_password = 4 [json_name="new_password"];
+  uint32 version = 2;  // @gotags: `class:"public"`
+  string current_password = 3 [json_name="current_password"];  // @gotags: `class:"secret"`
+  string new_password = 4 [json_name="new_password"];  // @gotags: `class:"secret"`
 }

 message ChangePasswordResponse {
--- a/sdk/pbs/controller/api/resources/accounts/account.pb.go
+++ b/sdk/pbs/controller/api/resources/accounts/account.pb.go
@ -33,33 +33,33 @@ type Account struct {
 	unknownFields protoimpl.UnknownFields

 	// Output only. The ID of the Account.
-	Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty"`
+	Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"`
 	// Output only. Scope information for the Account.
 	Scope *scopes.ScopeInfo `protobuf:"bytes,20,opt,name=scope,proto3" json:"scope,omitempty"`
 	// Optional name for identification purposes.
-	Name *wrapperspb.StringValue `protobuf:"bytes,30,opt,name=name,proto3" json:"name,omitempty"`
+	Name *wrapperspb.StringValue `protobuf:"bytes,30,opt,name=name,proto3" json:"name,omitempty" class:"public"` // @gotags: `class:"public"`
 	// Optional user-set description for identification purposes.
-	Description *wrapperspb.StringValue `protobuf:"bytes,40,opt,name=description,proto3" json:"description,omitempty"`
+	Description *wrapperspb.StringValue `protobuf:"bytes,40,opt,name=description,proto3" json:"description,omitempty" class:"public"` // @gotags: `class:"public"`
 	// Output only. The time this resource was created.
-	CreatedTime *timestamppb.Timestamp `protobuf:"bytes,50,opt,name=created_time,proto3" json:"created_time,omitempty"`
+	CreatedTime *timestamppb.Timestamp `protobuf:"bytes,50,opt,name=created_time,proto3" json:"created_time,omitempty" class:"public"` // @gotags: `class:"public"`
 	// Output only. The time this resource was last updated.
-	UpdatedTime *timestamppb.Timestamp `protobuf:"bytes,60,opt,name=updated_time,proto3" json:"updated_time,omitempty"`
+	UpdatedTime *timestamppb.Timestamp `protobuf:"bytes,60,opt,name=updated_time,proto3" json:"updated_time,omitempty" class:"public"` // @gotags: `class:"public"`
 	// Version is used in mutation requests, after the initial creation, to ensure this resource has not changed.
 	// The mutation will fail if the version does not match the latest known good version.
-	Version uint32 `protobuf:"varint,70,opt,name=version,proto3" json:"version,omitempty"`
+	Version uint32 `protobuf:"varint,70,opt,name=version,proto3" json:"version,omitempty" class:"public"` // @gotags: `class:"public"`
 	// The type of this Account.
-	Type string `protobuf:"bytes,80,opt,name=type,proto3" json:"type,omitempty"`
+	Type string `protobuf:"bytes,80,opt,name=type,proto3" json:"type,omitempty" class:"public"` // @gotags: `class:"public"`
 	// The ID of the Auth Method that is associated with this Account.
-	AuthMethodId string `protobuf:"bytes,90,opt,name=auth_method_id,proto3" json:"auth_method_id,omitempty"`
+	AuthMethodId string `protobuf:"bytes,90,opt,name=auth_method_id,proto3" json:"auth_method_id,omitempty" class:"public"` // @gotags: `class:"public"`
 	// Types that are assignable to Attrs:
 	//	*Account_Attributes
 	//	*Account_PasswordAccountAttributes
 	//	*Account_OidcAccountAttributes
 	Attrs isAccount_Attrs `protobuf_oneof:"attrs"`
 	// Output only. managed_group_ids indicates IDs of the managed groups that currently contain this account
-	ManagedGroupIds []string `protobuf:"bytes,110,rep,name=managed_group_ids,proto3" json:"managed_group_ids,omitempty"`
+	ManagedGroupIds []string `protobuf:"bytes,110,rep,name=managed_group_ids,proto3" json:"managed_group_ids,omitempty" class:"public"` // @gotags: `class:"public"`
 	// Output only. The available actions on this resource for this user.
-	AuthorizedActions []string `protobuf:"bytes,300,rep,name=authorized_actions,proto3" json:"authorized_actions,omitempty"`
+	AuthorizedActions []string `protobuf:"bytes,300,rep,name=authorized_actions,proto3" json:"authorized_actions,omitempty" class:"public"` // @gotags: `class:"public"`
 }

 func (x *Account) Reset() {
@ -229,9 +229,9 @@ type PasswordAccountAttributes struct {
 	unknownFields protoimpl.UnknownFields

 	// The login name of this Account. This is unique per Auth Method.
-	LoginName string `protobuf:"bytes,10,opt,name=login_name,proto3" json:"login_name,omitempty"`
+	LoginName string `protobuf:"bytes,10,opt,name=login_name,proto3" json:"login_name,omitempty" class:"sensitive"` // @gotags: `class:"sensitive"`
 	// The password for this Account.
-	Password *wrapperspb.StringValue `protobuf:"bytes,20,opt,name=password,proto3" json:"password,omitempty"`
+	Password *wrapperspb.StringValue `protobuf:"bytes,20,opt,name=password,proto3" json:"password,omitempty" class:"secret"` // @gotags: `class:"secret"`
 }

 func (x *PasswordAccountAttributes) Reset() {
@ -288,14 +288,14 @@ type OidcAccountAttributes struct {

 	// issuer is a case sensitive URL that maps to the OIDC iss claim.
 	// This value is immutable after creation time.
-	Issuer string `protobuf:"bytes,80,opt,name=issuer,proto3" json:"issuer,omitempty"`
+	Issuer string `protobuf:"bytes,80,opt,name=issuer,proto3" json:"issuer,omitempty" class:"public"` // @gotags: `class:"public"`
 	// subject is a case sensitive string that maps to the OIDC sub claim.
 	// This value is immutable after creation time.
-	Subject string `protobuf:"bytes,90,opt,name=subject,proto3" json:"subject,omitempty"`
+	Subject string `protobuf:"bytes,90,opt,name=subject,proto3" json:"subject,omitempty" class:"public"` // @gotags: `class:"public"`
 	// Output only. full_name is a string that maps to the OIDC name claim.
-	FullName string `protobuf:"bytes,100,opt,name=full_name,proto3" json:"full_name,omitempty"`
+	FullName string `protobuf:"bytes,100,opt,name=full_name,proto3" json:"full_name,omitempty" class:"public"` // @gotags: `class:"public"`
 	// Output only. email is a string that maps to the OIDC email claim.
-	Email string `protobuf:"bytes,110,opt,name=email,proto3" json:"email,omitempty"`
+	Email string `protobuf:"bytes,110,opt,name=email,proto3" json:"email,omitempty" class:"public"` // @gotags: `class:"public"`
 	// Output only. token_claims are the marshaled claims from the token.
 	TokenClaims *structpb.Struct `protobuf:"bytes,120,opt,name=token_claims,json=tokenClaims,proto3" json:"token_claims,omitempty"`
 	// Output only. userinfo_claims are the marshaled claims from userinfo.