diff --git a/api/targets/custom.go b/api/targets/custom.go index 0be0837b28..bc084e1b73 100644 --- a/api/targets/custom.go +++ b/api/targets/custom.go @@ -25,9 +25,9 @@ func (n SessionAuthorizationResult) GetResponseMap() map[string]interface{} { return n.responseMap } -func (c *Client) Authorize(ctx context.Context, targetId string, opt ...Option) (*SessionAuthorizationResult, error) { +func (c *Client) AuthorizeSession(ctx context.Context, targetId string, opt ...Option) (*SessionAuthorizationResult, error) { if targetId == "" { - return nil, fmt.Errorf("empty targetId value passed into Authorize request") + return nil, fmt.Errorf("empty targetId value passed into AuthorizeSession request") } opts, apiOpts := getOpts(opt...) @@ -36,9 +36,9 @@ func (c *Client) Authorize(ctx context.Context, targetId string, opt ...Option) return nil, fmt.Errorf("nil client") } - req, err := c.client.NewRequest(ctx, "POST", fmt.Sprintf("targets/%s:authorize", targetId), opts.postMap, apiOpts...) + req, err := c.client.NewRequest(ctx, "POST", fmt.Sprintf("targets/%s:authorize-session", targetId), opts.postMap, apiOpts...) if err != nil { - return nil, fmt.Errorf("error creating Authorize request: %w", err) + return nil, fmt.Errorf("error creating AuthorizeSession request: %w", err) } if len(opts.queryMap) > 0 { @@ -51,14 +51,14 @@ func (c *Client) Authorize(ctx context.Context, targetId string, opt ...Option) resp, err := c.client.Do(req) if err != nil { - return nil, fmt.Errorf("error performing client request during Authorize call: %w", err) + return nil, fmt.Errorf("error performing client request during AuthorizeSession call: %w", err) } sar := new(SessionAuthorizationResult) sar.Item = new(SessionAuthorization) apiErr, err := resp.Decode(sar.Item) if err != nil { - return nil, fmt.Errorf("error decoding Authorize response: %w", err) + return nil, fmt.Errorf("error decoding AuthorizeSession response: %w", err) } if apiErr != nil { return nil, apiErr diff --git a/internal/auth/additional_verification_test.go b/internal/auth/additional_verification_test.go index a01bf03b78..d94f6cf9ac 100644 --- a/internal/auth/additional_verification_test.go +++ b/internal/auth/additional_verification_test.go @@ -45,7 +45,7 @@ func TestAdditionalVerification(t *testing.T) { projRole := iam.TestRole(t, conn, proj.GetPublicId()) iam.TestUserRole(t, conn, projRole.PublicId, token.UserId) - iam.TestRoleGrant(t, conn, projRole.PublicId, "id=ttcp_1234567890;actions=authorize") + iam.TestRoleGrant(t, conn, projRole.PublicId, "id=ttcp_1234567890;actions=authorize-session") type additionalCase struct { name string @@ -91,7 +91,7 @@ func TestAdditionalVerification(t *testing.T) { name: "good target", opts: []auth.Option{ auth.WithId("ttcp_1234567890"), - auth.WithAction(action.Authorize), + auth.WithAction(action.AuthorizeSession), auth.WithScopeId(proj.PublicId), auth.WithType(resource.Target), }, diff --git a/internal/cmd/commands.go b/internal/cmd/commands.go index 986e66449e..f934d412e2 100644 --- a/internal/cmd/commands.go +++ b/internal/cmd/commands.go @@ -621,10 +621,10 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) { Command: base.NewCommand(ui), }, nil }, - "targets authorize": func() (cli.Command, error) { + "targets authorize-session": func() (cli.Command, error) { return &targets.Command{ Command: base.NewCommand(ui), - Func: "authorize", + Func: "authorize-session", }, nil }, "targets read": func() (cli.Command, error) { diff --git a/internal/cmd/commands/proxy/proxy.go b/internal/cmd/commands/proxy/proxy.go index 70f9131fb3..a59e948711 100644 --- a/internal/cmd/commands/proxy/proxy.go +++ b/internal/cmd/commands/proxy/proxy.go @@ -135,7 +135,7 @@ func (c *Command) Help() string { return base.WrapForHelpText([]string{ "Usage: boundary connect [options] [args]", "", - ` This command performs a target authorization and proxy launch in one command; it is equivalent to sending the output of "boundary targets authorize" into "boundary proxy". See the help output for those commands for more information.`, + ` This command performs a target authorization and proxy launch in one command; it is equivalent to sending the output of "boundary targets authorize-session" into "boundary proxy". See the help output for those commands for more information.`, "", " Example:", "", @@ -412,8 +412,8 @@ func (c *Command) Run(args []string) (retCode int) { } if authzString[0] == '{' { - // Attempt to decode the JSON output of an authorize call and pull the - // token out of there + // Attempt to decode the JSON output of an authorize-session call + // and pull the token out of there c.sessionAuthz = new(targets.SessionAuthorization) if err := json.Unmarshal([]byte(authzString), c.sessionAuthz); err == nil { authzString = c.sessionAuthz.AuthorizationToken @@ -438,10 +438,10 @@ func (c *Command) Run(args []string) (retCode int) { opts = append(opts, targets.WithHostId(c.flagHostId)) } - sar, err := targetClient.Authorize(c.Context, c.flagTargetId, opts...) + sar, err := targetClient.AuthorizeSession(c.Context, c.flagTargetId, opts...) if err != nil { if api.AsServerError(err) != nil { - c.UI.Error(fmt.Sprintf("Error from controller when performing authorize on a session against target: %s", err.Error())) + c.UI.Error(fmt.Sprintf("Error from controller when performing authorize-session against target: %s", err.Error())) return 1 } c.UI.Error(fmt.Sprintf("Error trying to authorize a session against target: %s", err.Error())) diff --git a/internal/cmd/commands/targets/target.go b/internal/cmd/commands/targets/target.go index d38500714b..68e0a8db68 100644 --- a/internal/cmd/commands/targets/target.go +++ b/internal/cmd/commands/targets/target.go @@ -39,13 +39,13 @@ func (c *Command) Synopsis() string { } var flagsMap = map[string][]string{ - "authorize": {"id", "host-id"}, - "read": {"id"}, - "delete": {"id"}, - "list": {"scope-id"}, - "add-host-sets": {"id", "host-set", "version"}, - "remove-host-sets": {"id", "host-set", "version"}, - "set-host-sets": {"id", "host-set", "version"}, + "authorize-session": {"id", "host-id"}, + "read": {"id"}, + "delete": {"id"}, + "list": {"scope-id"}, + "add-host-sets": {"id", "host-set", "version"}, + "remove-host-sets": {"id", "host-set", "version"}, + "set-host-sets": {"id", "host-set", "version"}, } func (c *Command) Help() string { @@ -118,15 +118,15 @@ func (c *Command) Help() string { "", ` $ boundary targets set-host-sets -id ttcp_1234567890 -host-set hsst_1234567890`, }) - case "authorize": + case "authorize-session": helpStr = base.WrapForHelpText([]string{ - "Usage: boundary target authorize [options] [args]", + "Usage: boundary target authorize-session [options] [args]", "", " This command allows fetching session authorization credentials against a target. Example:", "", " Set host-set resources on a tcp-type target:", "", - ` $ boundary targets authorize -id ttcp_1234567890`, + ` $ boundary targets authorize-session -id ttcp_1234567890`, }) default: helpStr = helpMap[c.Func]() @@ -237,7 +237,7 @@ func (c *Command) Run(args []string) int { hostSets = nil } } - case "authorize": + case "authorize-session": if len(c.flagHostId) != 0 { opts = append(opts, targets.WithHostId(c.flagHostId)) } @@ -283,14 +283,14 @@ func (c *Command) Run(args []string) int { case "set-host-sets": result, err = targetClient.SetHostSets(c.Context, c.FlagId, version, hostSets, opts...) case "authorize": - sar, err = targetClient.Authorize(c.Context, c.FlagId, opts...) + sar, err = targetClient.AuthorizeSession(c.Context, c.FlagId, opts...) } plural := "target" switch c.Func { case "list": plural = "targets" - case "authorize": + case "authorize-session": plural = "a session against target" } if err != nil { @@ -370,7 +370,7 @@ func (c *Command) Run(args []string) int { } return 0 - case "authorize": + case "authorize-session": sa := sar.GetItem().(*targets.SessionAuthorization) switch base.Format(c.UI) { case "table": diff --git a/internal/perms/grants_test.go b/internal/perms/grants_test.go index 3dfc49f3ea..7d1f2d8c4b 100644 --- a/internal/perms/grants_test.go +++ b/internal/perms/grants_test.go @@ -54,24 +54,24 @@ func Test_ActionParsingValidation(t *testing.T) { { name: "all valid plus all", input: Grant{ - actionsBeingParsed: []string{"list", "create", "update", "*", "read", "delete", "authenticate", "authorize"}, + actionsBeingParsed: []string{"list", "create", "update", "*", "read", "delete", "authenticate", "authorize-session"}, }, errResult: `"*" cannot be specified with other actions`, }, { name: "all valid", input: Grant{ - actionsBeingParsed: []string{"list", "create", "update", "read", "delete", "authenticate", "authorize"}, + actionsBeingParsed: []string{"list", "create", "update", "read", "delete", "authenticate", "authorize-session"}, }, result: Grant{ actions: map[action.Type]bool{ - action.List: true, - action.Create: true, - action.Update: true, - action.Read: true, - action.Delete: true, - action.Authenticate: true, - action.Authorize: true, + action.List: true, + action.Create: true, + action.Update: true, + action.Read: true, + action.Delete: true, + action.Authenticate: true, + action.AuthorizeSession: true, }, }, }, diff --git a/internal/proto/local/controller/api/services/v1/target_service.proto b/internal/proto/local/controller/api/services/v1/target_service.proto index 6e480ae702..25fc37011e 100644 --- a/internal/proto/local/controller/api/services/v1/target_service.proto +++ b/internal/proto/local/controller/api/services/v1/target_service.proto @@ -87,7 +87,7 @@ service TargetService { // AuthorizeSession creates authorization information from a given Target. rpc AuthorizeSession(AuthorizeSessionRequest) returns (AuthorizeSessionResponse) { option (google.api.http) = { - post: "/v1/targets/{id}:authorize" + post: "/v1/targets/{id}:authorize-session" body: "*" response_body: "item" }; diff --git a/internal/servers/controller/handlers/targets/target_service.go b/internal/servers/controller/handlers/targets/target_service.go index d4d8c3aaf8..fe4ddd35c4 100644 --- a/internal/servers/controller/handlers/targets/target_service.go +++ b/internal/servers/controller/handlers/targets/target_service.go @@ -227,10 +227,10 @@ func (s Service) RemoveTargetHostSets(ctx context.Context, req *pbs.RemoveTarget } func (s Service) AuthorizeSession(ctx context.Context, req *pbs.AuthorizeSessionRequest) (*pbs.AuthorizeSessionResponse, error) { - if err := validateAuthorizeRequest(req); err != nil { + if err := validateAuthorizeSessionRequest(req); err != nil { return nil, err } - authResults := s.authResult(ctx, req.GetId(), action.Authorize) + authResults := s.authResult(ctx, req.GetId(), action.AuthorizeSession) if authResults.Error != nil { return nil, authResults.Error } @@ -857,7 +857,7 @@ func validateRemoveRequest(req *pbs.RemoveTargetHostSetsRequest) error { return nil } -func validateAuthorizeRequest(req *pbs.AuthorizeSessionRequest) error { +func validateAuthorizeSessionRequest(req *pbs.AuthorizeSessionRequest) error { badFields := map[string]string{} if !handlers.ValidId(target.TcpTargetPrefix, req.GetId()) { badFields["id"] = "Incorrectly formatted identifier." diff --git a/internal/types/action/action.go b/internal/types/action/action.go index 421021e507..e7c33bd252 100644 --- a/internal/types/action/action.go +++ b/internal/types/action/action.go @@ -14,7 +14,7 @@ const ( Delete Type = 5 Authenticate Type = 6 All Type = 7 - Authorize Type = 8 + AuthorizeSession Type = 8 AddGrants Type = 9 RemoveGrants Type = 10 SetGrants Type = 11 @@ -47,7 +47,7 @@ var Map = map[string]Type{ Delete.String(): Delete, Authenticate.String(): Authenticate, All.String(): All, - Authorize.String(): Authorize, + AuthorizeSession.String(): AuthorizeSession, AddGrants.String(): AddGrants, RemoveGrants.String(): RemoveGrants, SetGrants.String(): SetGrants, @@ -82,7 +82,7 @@ func (a Type) String() string { "delete", "authenticate", "*", - "authorize", + "authorize-session", "add-grants", "remove-grants", "set-grants", diff --git a/internal/types/action/action_test.go b/internal/types/action/action_test.go index 01890bb513..b0f126696e 100644 --- a/internal/types/action/action_test.go +++ b/internal/types/action/action_test.go @@ -44,8 +44,8 @@ func TestAction(t *testing.T) { want: "*", }, { - action: Authorize, - want: "authorize", + action: AuthorizeSession, + want: "authorize-session", }, { action: AddGrants, diff --git a/internal/website/permstable/permstable.go b/internal/website/permstable/permstable.go index 15d0d9987d..fcc938cb69 100644 --- a/internal/website/permstable/permstable.go +++ b/internal/website/permstable/permstable.go @@ -733,10 +733,10 @@ var target = &Resource{ }, }, &Action{ - Name: "authorize", + Name: "authorize-session", Description: "Authorize a session via the target", Examples: []string{ - "id=;actions=authorize", + "id=;actions=authorize-session", }, }, ), diff --git a/website/content/docs/common-workflows/manage-sessions.mdx b/website/content/docs/common-workflows/manage-sessions.mdx index d77ebcff68..da1b2dfe0b 100644 --- a/website/content/docs/common-workflows/manage-sessions.mdx +++ b/website/content/docs/common-workflows/manage-sessions.mdx @@ -20,7 +20,7 @@ For this example, we're going to authorize that you are able to connect to a tar ```bash -$ boundary targets authorize -id ttcp_1234567890 +$ boundary targets authorize-session -id ttcp_1234567890 Target information: Authorization Token: $LONG_STRING_OF_TEXT diff --git a/website/content/docs/concepts/permissions.mdx b/website/content/docs/concepts/permissions.mdx index 5b0f086be1..6713bec56d 100644 --- a/website/content/docs/concepts/permissions.mdx +++ b/website/content/docs/concepts/permissions.mdx @@ -1189,10 +1189,10 @@ wildcard or templated grant strings.
  • id=<id>;actions=remove-host-sets
  • - authorize: Authorize a session via the target + authorize-session: Authorize a session via the target
      • -
    • id=<id>;actions=authorize
      • +
    • id=<id>;actions=authorize-session