aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

refactor(user_passsword) change all references of user_password into username_password (#2189)

Browse Source 
* (refactor) change all sql references of user_password to username_password

* refactor(pkg) renamed pkg userpassword to usernamepassword

* refactor(proto) updated protocol buffers to use UsernamePassword

* refactor(code) updated references from UserPassword to UsernamePassword in golang files

* refactor(test) updated unit tests to reference UsernamePassword changes

* refactor(ddtest) updated references in dbtests to use UsernamePassword

* chore(sql-test) fixed spelling issue

* chore(sql) added and updated comments in migartion & tables. fixed indentations

* chore(proto) updated comments to reflect username_password changes

* refactor(tests) updated unit tests to replace user-password with username-password

* refactor(cmd) updated cmd help text to use username

* chore(tests) update test name & comments

* fix(cmd) fixed cmd usage definition for credentials update

* refactor(tests) removed out of scope changes

* fix(sql) incremented sql migration id & updated migration comments
pull/2209/head
Damian Debkowski 4 years ago committed by GitHub
parent a589c32269
commit ab58b24142
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
33 changed files with 367 additions and 278 deletions
Show Stats Download Patch File Download Diff File

2
internal/cmd/commands/credentialscmd/funcs.go
Unescape View File

@ -42,7 +42,7 @@ func (c *Command) extraHelpFunc(helpMap map[string]func() string) string {
"",
" This command allows update operations on Boundary credential resources. Example:",
"",
" Update a user password credential:",
" Update a username password credential:",
"",
` $ boundary credentials update username-password -id cred_1234567890 -name devops -description "For DevOps usage"`,
"",

8
internal/cmd/commands/credentialscmd/username_password_funcs.go
Unescape View File

@ -33,7 +33,7 @@ func extraUsernamePasswordActionsFlagsMapFuncImpl() map[string][]string {
}
func extraUsernamePasswordFlagsFuncImpl(c *UsernamePasswordCommand, set *base.FlagSets, _ *base.FlagSet) {
f := set.NewFlagSet("User Password Credential Options")
f := set.NewFlagSet("Username Password Credential Options")
for _, name := range flagsUsernamePasswordMap[c.Func] {
switch name {
@ -75,7 +75,7 @@ func (c *UsernamePasswordCommand) extraUsernamePasswordHelpFunc(_ map[string]fun
helpStr = base.WrapForHelpText([]string{
"Usage: boundary credentials create username-password -credential-store-id [options] [args]",
"",
" Create a user password credential. Example:",
" Create a username password credential. Example:",
"",
` $ boundary credentials create username-password -credential-store-id csvlt_1234567890 -username user -password pass`,
"",
@ -84,9 +84,9 @@ func (c *UsernamePasswordCommand) extraUsernamePasswordHelpFunc(_ map[string]fun
case "update":
helpStr = base.WrapForHelpText([]string{
"Usage: boundary credentials update user password [options] [args]",
"Usage: boundary credentials update username-password [options] [args]",
"",
" Update a user password credential given its ID. Example:",
" Update a username password credential given its ID. Example:",
"",
` $ boundary credentials update username-password -id clvlt_1234567890 -name devops -description "For DevOps usage"`,
"",

4
internal/credential/static/testing.go
Unescape View File

@ -64,7 +64,7 @@ func TestCredentialStores(t testing.TB, conn *db.DB, wrapper wrapping.Wrapper, s
return css
}
// TestUsernamePasswordCredential creates a user password credential in the provided DB with
// TestUsernamePasswordCredential creates a username password credential in the provided DB with
// the provided scope and any values passed in through.
// If any errors are encountered during the creation of the store, the test will fail.
func TestUsernamePasswordCredential(
@ -105,7 +105,7 @@ func TestUsernamePasswordCredential(
return cred
}
// TestUsernamePasswordCredentials creates count number of user password credentials in
// TestUsernamePasswordCredentials creates count number of username password credentials in
// the provided DB with the provided scope id. If any errors are
// encountered during the creation of the credentials, the test will fail.
func TestUsernamePasswordCredentials(

4
internal/credential/vault/credential_library_test.go
Unescape View File

@ -234,11 +234,11 @@ func TestCredentialLibrary_New(t *testing.T) {
opts: []Option{
WithMethod(MethodGet),
WithCredentialType(credential.UsernamePasswordType),
WithMappingOverride(NewUserPasswordOverride(WithOverrideUsernameAttribute("test"))),
WithMappingOverride(NewUsernamePasswordOverride(WithOverrideUsernameAttribute("test"))),
},
},
want: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(WithOverrideUsernameAttribute("test")),
MappingOverride: NewUsernamePasswordOverride(WithOverrideUsernameAttribute("test")),
CredentialLibrary: &store.CredentialLibrary{
StoreId: cs.PublicId,
VaultPath: "vault/path",

3
internal/credential/vault/internal/usernamepassword/doc.go
Unescape View File

@ -0,0 +1,3 @@
// Package usernamepassword provides access to the username and password
// stored in a Vault secret.
package usernamepassword

2
internal/credential/vault/internal/userpassword/userpassword.go → internal/credential/vault/internal/usernamepassword/usernamepassword.go
Unescape View File

@ -1,4 +1,4 @@
package userpassword
package usernamepassword
type (
data map[string]interface{}

2
internal/credential/vault/internal/userpassword/userpassword_test.go → internal/credential/vault/internal/usernamepassword/usernamepassword_test.go
Unescape View File

@ -1,4 +1,4 @@
package userpassword
package usernamepassword
import (
"testing"

3
internal/credential/vault/internal/userpassword/doc.go
Unescape View File

@ -1,3 +0,0 @@
// Package userpassword provides access to the username and password
// stored in a Vault secret.
package userpassword

46
internal/credential/vault/mapping_overriders.go
Unescape View File

@ -14,7 +14,7 @@ func validMappingOverride(m MappingOverride, ct credential.Type) bool {
switch m.(type) {
case nil:
return true // it is always valid to not specify a mapping override
case *UserPasswordOverride:
case *UsernamePasswordOverride:
return ct == credential.UsernamePasswordType
default:
return false // an unknown mapping override type is never valid
@ -22,7 +22,7 @@ func validMappingOverride(m MappingOverride, ct credential.Type) bool {
}
// A MappingOverride is an interface holding one of the mapping override
// types: UserPasswordOverride.
// types: UsernamePasswordOverride.
type MappingOverride interface {
clone() MappingOverride
setLibraryId(i string)
@ -34,23 +34,23 @@ type MappingOverride interface {
sanitize()
}
// A UserPasswordOverride contains optional values for overriding the
// default mappings used to map a Vault secret to a UserPassword credential
// A UsernamePasswordOverride contains optional values for overriding the
// default mappings used to map a Vault secret to a UsernamePassword credential
// type for the credential library that owns it.
type UserPasswordOverride struct {
*store.UserPasswordOverride
type UsernamePasswordOverride struct {
*store.UsernamePasswordOverride
tableName string `gorm:"-"`
}
var _ MappingOverride = (*UserPasswordOverride)(nil)
var _ MappingOverride = (*UsernamePasswordOverride)(nil)
// NewUserPasswordOverride creates a new in memory UserPasswordOverride.
// NewUsernamePasswordOverride creates a new in memory UsernamePasswordOverride.
// WithOverrideUsernameAttribute and WithOverridePasswordAttribute are the
// only valid options. All other options are ignored.
func NewUserPasswordOverride(opt ...Option) *UserPasswordOverride {
func NewUsernamePasswordOverride(opt ...Option) *UsernamePasswordOverride {
opts := getOpts(opt...)
o := &UserPasswordOverride{
UserPasswordOverride: &store.UserPasswordOverride{
o := &UsernamePasswordOverride{
UsernamePasswordOverride: &store.UsernamePasswordOverride{
UsernameAttribute: sanitize.String(opts.withOverrideUsernameAttribute),
PasswordAttribute: sanitize.String(opts.withOverridePasswordAttribute),
},
@ -58,24 +58,24 @@ func NewUserPasswordOverride(opt ...Option) *UserPasswordOverride {
return o
}
func allocUserPasswordOverride() *UserPasswordOverride {
return &UserPasswordOverride{
UserPasswordOverride: &store.UserPasswordOverride{},
func allocUsernamePasswordOverride() *UsernamePasswordOverride {
return &UsernamePasswordOverride{
UsernamePasswordOverride: &store.UsernamePasswordOverride{},
}
}
func (o *UserPasswordOverride) clone() MappingOverride {
cp := proto.Clone(o.UserPasswordOverride)
return &UserPasswordOverride{
UserPasswordOverride: cp.(*store.UserPasswordOverride),
func (o *UsernamePasswordOverride) clone() MappingOverride {
cp := proto.Clone(o.UsernamePasswordOverride)
return &UsernamePasswordOverride{
UsernamePasswordOverride: cp.(*store.UsernamePasswordOverride),
}
}
func (o *UserPasswordOverride) setLibraryId(i string) {
func (o *UsernamePasswordOverride) setLibraryId(i string) {
o.LibraryId = i
}
func (o *UserPasswordOverride) sanitize() {
func (o *UsernamePasswordOverride) sanitize() {
if sentinel.Is(o.UsernameAttribute) {
o.UsernameAttribute = ""
}
@ -85,14 +85,14 @@ func (o *UserPasswordOverride) sanitize() {
}
// TableName returns the table name.
func (o *UserPasswordOverride) TableName() string {
func (o *UsernamePasswordOverride) TableName() string {
if o.tableName != "" {
return o.tableName
}
return "credential_vault_library_user_password_mapping_override"
return "credential_vault_library_username_password_mapping_override"
}
// SetTableName sets the table name.
func (o *UserPasswordOverride) SetTableName(n string) {
func (o *UsernamePasswordOverride) SetTableName(n string) {
o.tableName = n
}

4
internal/credential/vault/mapping_overriders_test.go
Unescape View File

@ -48,12 +48,12 @@ func TestValidMappingOverrides(t *testing.T) {
want: false,
},
{
m: allocUserPasswordOverride(),
m: allocUsernamePasswordOverride(),
ct: credential.UnspecifiedType,
want: false,
},
{
m: allocUserPasswordOverride(),
m: allocUsernamePasswordOverride(),
ct: credential.UsernamePasswordType,
want: true,
},

4
internal/credential/vault/private_library.go
Unescape View File

@ -8,7 +8,7 @@ import (
"time"
"github.com/hashicorp/boundary/internal/credential"
"github.com/hashicorp/boundary/internal/credential/vault/internal/userpassword"
"github.com/hashicorp/boundary/internal/credential/vault/internal/usernamepassword"
"github.com/hashicorp/boundary/internal/db/timestamp"
"github.com/hashicorp/boundary/internal/errors"
"github.com/hashicorp/boundary/internal/kms"
@ -70,7 +70,7 @@ func baseToUsrPass(ctx context.Context, bc *baseCred) (*usrPassCred, error) {
if pAttr == "" {
pAttr = "password"
}
username, password := userpassword.Extract(bc.secretData, uAttr, pAttr)
username, password := usernamepassword.Extract(bc.secretData, uAttr, pAttr)
if username == "" || password == "" {
return nil, errors.E(ctx, errors.WithCode(errors.VaultInvalidCredentialMapping))
}

8
internal/credential/vault/private_library_test.go
Unescape View File

@ -130,7 +130,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) {
{
opts := []Option{
WithCredentialType(credential.UsernamePasswordType),
WithMappingOverride(NewUserPasswordOverride(
WithMappingOverride(NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("test-username"),
)),
}
@ -147,7 +147,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) {
{
opts := []Option{
WithCredentialType(credential.UsernamePasswordType),
WithMappingOverride(NewUserPasswordOverride(
WithMappingOverride(NewUsernamePasswordOverride(
WithOverridePasswordAttribute("test-password"),
)),
}
@ -164,7 +164,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) {
{
opts := []Option{
WithCredentialType(credential.UsernamePasswordType),
WithMappingOverride(NewUserPasswordOverride(
WithMappingOverride(NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("test-username"),
WithOverridePasswordAttribute("test-password"),
)),
@ -201,7 +201,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) {
assert.Equal(want.CredentialType(), got.CredentialType())
if mo := want.MappingOverride; mo != nil {
switch w := mo.(type) {
case *UserPasswordOverride:
case *UsernamePasswordOverride:
assert.Equal(w.UsernameAttribute, got.UsernameAttribute)
assert.Equal(w.PasswordAttribute, got.PasswordAttribute)
default:

2
internal/credential/vault/repository_credential_library.go
Unescape View File

@ -378,7 +378,7 @@ func (pl *publicLibrary) toCredentialLibrary() *CredentialLibrary {
cl.CredentialLibrary.CredentialType = pl.CredentialType
if pl.UsernameAttribute != "" || pl.PasswordAttribute != "" {
up := allocUserPasswordOverride()
up := allocUsernamePasswordOverride()
up.LibraryId = pl.PublicId
up.UsernameAttribute = pl.UsernameAttribute
up.PasswordAttribute = pl.PasswordAttribute

92
internal/credential/vault/repository_credential_library_test.go
Unescape View File

@ -165,7 +165,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
},
},
{
name: "valid-user-password-credential-type",
name: "valid-username-password-credential-type",
in: &CredentialLibrary{
CredentialLibrary: &store.CredentialLibrary{
StoreId: cs.GetPublicId(),
@ -199,7 +199,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
{
name: "invalid-mapping-override-type",
in: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(WithOverrideUsernameAttribute("test")),
MappingOverride: NewUsernamePasswordOverride(WithOverrideUsernameAttribute("test")),
CredentialLibrary: &store.CredentialLibrary{
StoreId: cs.GetPublicId(),
HttpMethod: "GET",
@ -209,9 +209,9 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
wantErr: errors.VaultInvalidMappingOverride,
},
{
name: "valid-user-password-credential-type-with-username-override",
name: "valid-username-password-credential-type-with-username-override",
in: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("utest"),
),
CredentialLibrary: &store.CredentialLibrary{
@ -222,7 +222,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
},
},
want: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("utest"),
),
CredentialLibrary: &store.CredentialLibrary{
@ -234,9 +234,9 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
},
},
{
name: "valid-user-password-credential-type-with-password-override",
name: "valid-username-password-credential-type-with-password-override",
in: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverridePasswordAttribute("ptest"),
),
CredentialLibrary: &store.CredentialLibrary{
@ -247,7 +247,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
},
},
want: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverridePasswordAttribute("ptest"),
),
CredentialLibrary: &store.CredentialLibrary{
@ -259,9 +259,9 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
},
},
{
name: "valid-user-password-credential-type-with-username-and-password-override",
name: "valid-username-password-credential-type-with-username-and-password-override",
in: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("utest"),
WithOverridePasswordAttribute("ptest"),
),
@ -273,7 +273,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
},
},
want: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("utest"),
WithOverridePasswordAttribute("ptest"),
),
@ -319,8 +319,8 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
require.NotNil(got.MappingOverride)
assert.IsType(tt.want.MappingOverride, got.MappingOverride)
switch w := tt.want.MappingOverride.(type) {
case *UserPasswordOverride:
g, ok := got.MappingOverride.(*UserPasswordOverride)
case *UsernamePasswordOverride:
g, ok := got.MappingOverride.(*UsernamePasswordOverride)
require.True(ok)
assert.Equal(w.UsernameAttribute, g.UsernameAttribute)
assert.Equal(w.PasswordAttribute, g.PasswordAttribute)
@ -329,7 +329,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
}
// verify it was persisted in the database
override := allocUserPasswordOverride()
override := allocUsernamePasswordOverride()
assert.NoError(rw.LookupWhere(ctx, &override, "library_id = ?", []interface{}{got.GetPublicId()}))
}
})
@ -757,7 +757,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
{
name: "change-vault-path",
orig: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(WithOverrideUsernameAttribute("orig-username")),
MappingOverride: NewUsernamePasswordOverride(WithOverrideUsernameAttribute("orig-username")),
CredentialLibrary: &store.CredentialLibrary{
HttpMethod: "GET",
VaultPath: "/old/path",
@ -767,7 +767,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
chgFn: changeVaultPath("/new/path"),
masks: []string{vaultPathField},
want: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(WithOverrideUsernameAttribute("orig-username")),
MappingOverride: NewUsernamePasswordOverride(WithOverrideUsernameAttribute("orig-username")),
CredentialLibrary: &store.CredentialLibrary{
HttpMethod: "GET",
VaultPath: "/new/path",
@ -929,9 +929,9 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
wantErr: errors.InvalidFieldMask,
},
{
name: "user-password-attributes-change-username-attribute",
name: "username-password-attributes-change-username-attribute",
orig: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("orig-username"),
WithOverridePasswordAttribute("orig-password"),
),
@ -943,13 +943,13 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
},
},
chgFn: changeMappingOverride(
NewUserPasswordOverride(
NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("changed-username"),
),
),
masks: []string{"MappingOverride"},
want: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("changed-username"),
),
CredentialLibrary: &store.CredentialLibrary{
@ -962,9 +962,9 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
wantCount: 1,
},
{
name: "user-password-attributes-change-password-attribute",
name: "username-password-attributes-change-password-attribute",
orig: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("orig-username"),
WithOverridePasswordAttribute("orig-password"),
),
@ -976,13 +976,13 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
},
},
chgFn: changeMappingOverride(
NewUserPasswordOverride(
NewUsernamePasswordOverride(
WithOverridePasswordAttribute("changed-password"),
),
),
masks: []string{"MappingOverride"},
want: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverridePasswordAttribute("changed-password"),
),
CredentialLibrary: &store.CredentialLibrary{
@ -995,9 +995,9 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
wantCount: 1,
},
{
name: "user-password-attributes-change-username-and-password-attributes",
name: "username-password-attributes-change-username-and-password-attributes",
orig: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("orig-username"),
WithOverridePasswordAttribute("orig-password"),
),
@ -1009,14 +1009,14 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
},
},
chgFn: changeMappingOverride(
NewUserPasswordOverride(
NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("changed-username"),
WithOverridePasswordAttribute("changed-password"),
),
),
masks: []string{"MappingOverride"},
want: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("changed-username"),
WithOverridePasswordAttribute("changed-password"),
),
@ -1040,14 +1040,14 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
},
},
chgFn: changeMappingOverride(
NewUserPasswordOverride(
NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("changed-username"),
WithOverridePasswordAttribute("changed-password"),
),
),
masks: []string{"MappingOverride"},
want: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("changed-username"),
WithOverridePasswordAttribute("changed-password"),
),
@ -1061,9 +1061,9 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
wantCount: 1,
},
{
name: "user-password-attributes-delete-mapping-override",
name: "username-password-attributes-delete-mapping-override",
orig: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("orig-username"),
WithOverridePasswordAttribute("orig-password"),
),
@ -1096,7 +1096,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
},
},
chgFn: changeMappingOverride(
NewUserPasswordOverride(
NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("changed-username"),
WithOverridePasswordAttribute("changed-password"),
),
@ -1167,8 +1167,8 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
switch w := tt.want.MappingOverride.(type) {
case nil:
assert.Nil(got.MappingOverride)
case *UserPasswordOverride:
g, ok := got.MappingOverride.(*UserPasswordOverride)
case *UsernamePasswordOverride:
g, ok := got.MappingOverride.(*UsernamePasswordOverride)
require.True(ok)
assert.Equal(w.UsernameAttribute, g.UsernameAttribute)
assert.Equal(w.PasswordAttribute, g.PasswordAttribute)
@ -1318,7 +1318,7 @@ func TestRepository_LookupCredentialLibrary(t *testing.T) {
},
},
{
name: "valid-user-password-credential-type",
name: "valid-username-password-credential-type",
in: &CredentialLibrary{
CredentialLibrary: &store.CredentialLibrary{
StoreId: cs.GetPublicId(),
@ -1329,9 +1329,9 @@ func TestRepository_LookupCredentialLibrary(t *testing.T) {
},
},
{
name: "valid-user-password-credential-type-with-username-override",
name: "valid-username-password-credential-type-with-username-override",
in: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("utest"),
),
CredentialLibrary: &store.CredentialLibrary{
@ -1343,9 +1343,9 @@ func TestRepository_LookupCredentialLibrary(t *testing.T) {
},
},
{
name: "valid-user-password-credential-type-with-password-override",
name: "valid-username-password-credential-type-with-password-override",
in: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverridePasswordAttribute("ptest"),
),
CredentialLibrary: &store.CredentialLibrary{
@ -1357,9 +1357,9 @@ func TestRepository_LookupCredentialLibrary(t *testing.T) {
},
},
{
name: "valid-user-password-credential-type-with-username-and-password-override",
name: "valid-username-password-credential-type-with-username-and-password-override",
in: &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("utest"),
WithOverridePasswordAttribute("ptest"),
),
@ -1398,8 +1398,8 @@ func TestRepository_LookupCredentialLibrary(t *testing.T) {
require.NotNil(got.MappingOverride)
assert.IsType(orig.MappingOverride, got.MappingOverride)
switch w := orig.MappingOverride.(type) {
case *UserPasswordOverride:
g, ok := got.MappingOverride.(*UserPasswordOverride)
case *UsernamePasswordOverride:
g, ok := got.MappingOverride.(*UsernamePasswordOverride)
require.True(ok)
assert.Equal(w.UsernameAttribute, g.UsernameAttribute)
assert.Equal(w.PasswordAttribute, g.PasswordAttribute)
@ -1519,7 +1519,7 @@ func TestRepository_DeleteCredentialLibrary(t *testing.T) {
_, prj := iam.TestScopes(t, iam.TestRepo(t, conn, wrapper))
cs := TestCredentialStores(t, conn, wrapper, prj.GetPublicId(), 1)[0]
lib := &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("orig-username"),
WithOverridePasswordAttribute("orig-password"),
),
@ -1563,7 +1563,7 @@ func TestRepository_ListCredentialLibraries(t *testing.T) {
_, prj := iam.TestScopes(t, iam.TestRepo(t, conn, wrapper))
cs := TestCredentialStores(t, conn, wrapper, prj.GetPublicId(), 2)[0]
lib := &CredentialLibrary{
MappingOverride: NewUserPasswordOverride(
MappingOverride: NewUsernamePasswordOverride(
WithOverrideUsernameAttribute("orig-username"),
WithOverridePasswordAttribute("orig-password"),
),

8
internal/credential/vault/repository_credentials_test.go
Unescape View File

@ -45,7 +45,7 @@ func TestRepository_IssueCredentials(t *testing.T) {
_, token := v.CreateToken(t, vault.WithPolicies([]string{"default", "boundary-controller", "database", "pki", "secret"}))
// Create valid user password KV secret
// Create valid username password KV secret
v.CreateKVSecret(t, "my-secret", []byte(`{"data":{"username":"user","password":"pass"}}`))
var opts []vault.Option
@ -142,7 +142,7 @@ func TestRepository_IssueCredentials(t *testing.T) {
libPath := path.Join("database", "creds", "opened")
opts := []vault.Option{
vault.WithCredentialType(credential.UsernamePasswordType),
vault.WithMappingOverride(vault.NewUserPasswordOverride(
vault.WithMappingOverride(vault.NewUsernamePasswordOverride(
vault.WithOverrideUsernameAttribute("test-username"),
vault.WithOverridePasswordAttribute("test-password"),
)),
@ -332,10 +332,10 @@ func TestRepository_IssueCredentials(t *testing.T) {
assert.NotEmpty(upc.Password())
break
}
assert.Fail("want UserPassword credential from library with credential type UsernamePassword")
assert.Fail("want UsernamePassword credential from library with credential type UsernamePassword")
case credential.UnspecifiedType:
if _, ok := dc.(credential.UsernamePassword); ok {
assert.Fail("do not want UserPassword credential from library with credential type Unspecified")
assert.Fail("do not want UsernamePassword credential from library with credential type Unspecified")
}
}
}

69
internal/credential/vault/store/vault.pb.go
Unescape View File

@ -787,7 +787,7 @@ func (x *Credential) GetStatus() string {
return ""
}
type UserPasswordOverride struct {
type UsernamePasswordOverride struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
@ -815,8 +815,8 @@ type UserPasswordOverride struct {
PasswordAttribute string `protobuf:"bytes,3,opt,name=password_attribute,json=passwordAttribute,proto3" json:"password_attribute,omitempty" gorm:"default:null"`
}
func (x *UserPasswordOverride) Reset() {
*x = UserPasswordOverride{}
func (x *UsernamePasswordOverride) Reset() {
*x = UsernamePasswordOverride{}
if protoimpl.UnsafeEnabled {
mi := &file_controller_storage_credential_vault_store_v1_vault_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@ -824,13 +824,13 @@ func (x *UserPasswordOverride) Reset() {
}
}
func (x *UserPasswordOverride) String() string {
func (x *UsernamePasswordOverride) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*UserPasswordOverride) ProtoMessage() {}
func (*UsernamePasswordOverride) ProtoMessage() {}
func (x *UserPasswordOverride) ProtoReflect() protoreflect.Message {
func (x *UsernamePasswordOverride) ProtoReflect() protoreflect.Message {
mi := &file_controller_storage_credential_vault_store_v1_vault_proto_msgTypes[5]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@ -842,26 +842,26 @@ func (x *UserPasswordOverride) ProtoReflect() protoreflect.Message {
return mi.MessageOf(x)
}
// Deprecated: Use UserPasswordOverride.ProtoReflect.Descriptor instead.
func (*UserPasswordOverride) Descriptor() ([]byte, []int) {
// Deprecated: Use UsernamePasswordOverride.ProtoReflect.Descriptor instead.
func (*UsernamePasswordOverride) Descriptor() ([]byte, []int) {
return file_controller_storage_credential_vault_store_v1_vault_proto_rawDescGZIP(), []int{5}
}
func (x *UserPasswordOverride) GetLibraryId() string {
func (x *UsernamePasswordOverride) GetLibraryId() string {
if x != nil {
return x.LibraryId
}
return ""
}
func (x *UserPasswordOverride) GetUsernameAttribute() string {
func (x *UsernamePasswordOverride) GetUsernameAttribute() string {
if x != nil {
return x.UsernameAttribute
}
return ""
}
func (x *UserPasswordOverride) GetPasswordAttribute() string {
func (x *UsernamePasswordOverride) GetPasswordAttribute() string {
if x != nil {
return x.PasswordAttribute
}
@ -1065,21 +1065,22 @@ var file_controller_storage_credential_vault_store_v1_vault_proto_rawDesc = []by
0x0c, 0x69, 0x73, 0x5f, 0x72, 0x65, 0x6e, 0x65, 0x77, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x0b, 0x20,
0x01, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x73, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x61, 0x62, 0x6c, 0x65,
0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09,
0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x93, 0x01, 0x0a, 0x14, 0x55, 0x73, 0x65,
0x72, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64,
0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x5f, 0x69, 0x64, 0x18,
0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x49, 0x64,
0x12, 0x2d, 0x0a, 0x12, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x61, 0x74, 0x74,
0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x75, 0x73,
0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12,
0x2d, 0x0a, 0x12, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x5f, 0x61, 0x74, 0x74, 0x72,
0x69, 0x62, 0x75, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x70, 0x61, 0x73,
0x73, 0x77, 0x6f, 0x72, 0x64, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x42, 0x45,
0x5a, 0x43, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73,
0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x2f,
0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74,
0x69, 0x61, 0x6c, 0x2f, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x2f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3b,
0x73, 0x74, 0x6f, 0x72, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x97, 0x01, 0x0a, 0x18, 0x55, 0x73, 0x65,
0x72, 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x4f, 0x76, 0x65,
0x72, 0x72, 0x69, 0x64, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79,
0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6c, 0x69, 0x62, 0x72, 0x61,
0x72, 0x79, 0x49, 0x64, 0x12, 0x2d, 0x0a, 0x12, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65,
0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
0x52, 0x11, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62,
0x75, 0x74, 0x65, 0x12, 0x2d, 0x0a, 0x12, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x5f,
0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
0x11, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75,
0x74, 0x65, 0x42, 0x45, 0x5a, 0x43, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d,
0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64,
0x61, 0x72, 0x79, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x63, 0x72, 0x65,
0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x2f, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x2f, 0x73, 0x74,
0x6f, 0x72, 0x65, 0x3b, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x33,
}
var (
@ -1096,13 +1097,13 @@ func file_controller_storage_credential_vault_store_v1_vault_proto_rawDescGZIP()
var file_controller_storage_credential_vault_store_v1_vault_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
var file_controller_storage_credential_vault_store_v1_vault_proto_goTypes = []interface{}{
(*CredentialStore)(nil), // 0: controller.storage.credential.vault.store.v1.CredentialStore
(*Token)(nil), // 1: controller.storage.credential.vault.store.v1.Token
(*ClientCertificate)(nil), // 2: controller.storage.credential.vault.store.v1.ClientCertificate
(*CredentialLibrary)(nil), // 3: controller.storage.credential.vault.store.v1.CredentialLibrary
(*Credential)(nil), // 4: controller.storage.credential.vault.store.v1.Credential
(*UserPasswordOverride)(nil), // 5: controller.storage.credential.vault.store.v1.UserPasswordOverride
(*timestamp.Timestamp)(nil), // 6: controller.storage.timestamp.v1.Timestamp
(*CredentialStore)(nil), // 0: controller.storage.credential.vault.store.v1.CredentialStore
(*Token)(nil), // 1: controller.storage.credential.vault.store.v1.Token
(*ClientCertificate)(nil), // 2: controller.storage.credential.vault.store.v1.ClientCertificate
(*CredentialLibrary)(nil), // 3: controller.storage.credential.vault.store.v1.CredentialLibrary
(*Credential)(nil), // 4: controller.storage.credential.vault.store.v1.Credential
(*UsernamePasswordOverride)(nil), // 5: controller.storage.credential.vault.store.v1.UsernamePasswordOverride
(*timestamp.Timestamp)(nil), // 6: controller.storage.timestamp.v1.Timestamp
}
var file_controller_storage_credential_vault_store_v1_vault_proto_depIdxs = []int32{
6, // 0: controller.storage.credential.vault.store.v1.CredentialStore.create_time:type_name -> controller.storage.timestamp.v1.Timestamp
@ -1192,7 +1193,7 @@ func file_controller_storage_credential_vault_store_v1_vault_proto_init() {
}
}
file_controller_storage_credential_vault_store_v1_vault_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*UserPasswordOverride); i {
switch v := v.(*UsernamePasswordOverride); i {
case 0:
return &v.state
case 1:

10
internal/daemon/cluster/handlers/worker_service_test.go
Unescape View File

@ -74,16 +74,16 @@ func TestLookupSession(t *testing.T) {
creds := []*pbs.Credential{
{
Credential: &pbs.Credential_UserPassword{
UserPassword: &pbs.UserPassword{
Credential: &pbs.Credential_UsernamePassword{
UsernamePassword: &pbs.UsernamePassword{
Username: "username",
Password: "password",
},
},
},
{
Credential: &pbs.Credential_UserPassword{
UserPassword: &pbs.UserPassword{
Credential: &pbs.Credential_UsernamePassword{
UsernamePassword: &pbs.UsernamePassword{
Username: "another-username",
Password: "a different password",
},
@ -167,7 +167,7 @@ func TestLookupSession(t *testing.T) {
cmp.Diff(
tc.want,
got,
cmpopts.IgnoreUnexported(pbs.LookupSessionResponse{}, pbs.Credential{}, pbs.UserPassword{}),
cmpopts.IgnoreUnexported(pbs.LookupSessionResponse{}, pbs.Credential{}, pbs.UsernamePassword{}),
cmpopts.IgnoreFields(pbs.LookupSessionResponse{}, "Expiration", "Authorization"),
),
)

6
internal/daemon/controller/handlers/credentiallibraries/credentiallibrary_service.go
Unescape View File

@ -524,7 +524,7 @@ func toProto(in credential.Library, opt ...handlers.Option) (*pb.CredentialLibra
if outputFields.Has(globals.CredentialMappingOverridesField) && vaultIn.MappingOverride != nil {
m := make(map[string]interface{})
switch mapping := vaultIn.MappingOverride.(type) {
case *vault.UserPasswordOverride:
case *vault.UsernamePasswordOverride:
if mapping.UsernameAttribute != "" {
m[usernameAttribute] = mapping.UsernameAttribute
}
@ -590,7 +590,7 @@ func toStorageVaultLibrary(storeId string, in *pb.CredentialLibrary) (out *vault
mapOpts = append(mapOpts, vault.WithOverridePasswordAttribute(password.(string)))
}
if len(mapOpts) > 0 {
opts = append(opts, vault.WithMappingOverride(vault.NewUserPasswordOverride(mapOpts...)))
opts = append(opts, vault.WithMappingOverride(vault.NewUsernamePasswordOverride(mapOpts...)))
}
}
@ -736,7 +736,7 @@ func getMappingUpdates(credentialType credential.Type, current vault.MappingOver
switch credentialType {
case credential.UsernamePasswordType:
var currentUser, currentPass interface{}
if overrides, ok := current.(*vault.UserPasswordOverride); ok {
if overrides, ok := current.(*vault.UsernamePasswordOverride); ok {
currentUser = overrides.UsernameAttribute
currentPass = overrides.PasswordAttribute
}

24
internal/daemon/controller/handlers/credentiallibraries/credentiallibrary_service_test.go
Unescape View File

@ -609,7 +609,7 @@ func TestGet(t *testing.T) {
lib, err := vault.NewCredentialLibrary(store.GetPublicId(), "vault/path",
vault.WithCredentialType("username_password"),
vault.WithMappingOverride(
vault.NewUserPasswordOverride(
vault.NewUsernamePasswordOverride(
vault.WithOverrideUsernameAttribute("user"),
vault.WithOverridePasswordAttribute("pass"),
)))
@ -646,7 +646,7 @@ func TestGet(t *testing.T) {
},
},
{
name: "success-userpassword",
name: "success-UsernamePassword",
id: userPassLib.GetPublicId(),
res: &pbs.GetCredentialLibraryResponse{
Item: &pb.CredentialLibrary{
@ -901,11 +901,11 @@ func TestUpdate(t *testing.T) {
},
},
{
name: "user-password-attributes-change-username-attribute",
name: "username-password-attributes-change-username-attribute",
opts: []vault.Option{
vault.WithCredentialType("username_password"),
vault.WithMappingOverride(
vault.NewUserPasswordOverride(
vault.NewUsernamePasswordOverride(
vault.WithOverrideUsernameAttribute("orig-user"),
vault.WithOverridePasswordAttribute("orig-pass"),
)),
@ -930,11 +930,11 @@ func TestUpdate(t *testing.T) {
},
},
{
name: "user-password-attributes-change-password-attribute",
name: "username-password-attributes-change-password-attribute",
opts: []vault.Option{
vault.WithCredentialType("username_password"),
vault.WithMappingOverride(
vault.NewUserPasswordOverride(
vault.NewUsernamePasswordOverride(
vault.WithOverrideUsernameAttribute("orig-user"),
vault.WithOverridePasswordAttribute("orig-pass"),
)),
@ -959,11 +959,11 @@ func TestUpdate(t *testing.T) {
},
},
{
name: "user-password-attributes-change-username-and-password-attributes",
name: "username-password-attributes-change-username-and-password-attributes",
opts: []vault.Option{
vault.WithCredentialType("username_password"),
vault.WithMappingOverride(
vault.NewUserPasswordOverride(
vault.NewUsernamePasswordOverride(
vault.WithOverrideUsernameAttribute("orig-user"),
vault.WithOverridePasswordAttribute("orig-pass"),
)),
@ -1021,11 +1021,11 @@ func TestUpdate(t *testing.T) {
},
},
{
name: "user-password-attributes-delete-mapping-override",
name: "username-password-attributes-delete-mapping-override",
opts: []vault.Option{
vault.WithCredentialType("username_password"),
vault.WithMappingOverride(
vault.NewUserPasswordOverride(
vault.NewUsernamePasswordOverride(
vault.WithOverrideUsernameAttribute("orig-user"),
vault.WithOverridePasswordAttribute("orig-pass"),
)),
@ -1060,11 +1060,11 @@ func TestUpdate(t *testing.T) {
},
},
{
name: "user-password-attributes-delete-mapping-override-field-specific",
name: "username-password-attributes-delete-mapping-override-field-specific",
opts: []vault.Option{
vault.WithCredentialType("username_password"),
vault.WithMappingOverride(
vault.NewUserPasswordOverride(
vault.NewUsernamePasswordOverride(
vault.WithOverrideUsernameAttribute("orig-user"),
vault.WithOverridePasswordAttribute("orig-pass"),
)),

12
internal/daemon/controller/handlers/targets/credentials.go
Unescape View File

@ -26,8 +26,8 @@ func dynamicToWorkerCredential(ctx context.Context, cred credential.Dynamic) (se
switch c := cred.(type) {
case credential.UsernamePassword:
workerCred = &serverpb.Credential{
Credential: &serverpb.Credential_UserPassword{
UserPassword: &serverpb.UserPassword{
Credential: &serverpb.Credential_UsernamePassword{
UsernamePassword: &serverpb.UsernamePassword{
Username: c.Username(),
Password: string(c.Password()),
},
@ -81,7 +81,7 @@ func dynamicToSessionCredential(ctx context.Context, cred credential.Dynamic) (*
switch c := cred.(type) {
case credential.UsernamePassword:
credData, err = handlers.ProtoToStruct(
&pb.UserPasswordCredential{
&pb.UsernamePasswordCredential{
Username: c.Username(),
Password: string(c.Password()),
},
@ -120,8 +120,8 @@ func staticToWorkerCredential(ctx context.Context, cred credential.Static) (sess
switch c := cred.(type) {
case *credstatic.UsernamePasswordCredential:
workerCred = &serverpb.Credential{
Credential: &serverpb.Credential_UserPassword{
UserPassword: &serverpb.UserPassword{
Credential: &serverpb.Credential_UsernamePassword{
UsernamePassword: &serverpb.UsernamePassword{
Username: c.GetUsername(),
Password: string(c.GetPassword()),
},
@ -150,7 +150,7 @@ func staticToSessionCredential(ctx context.Context, cred credential.Static) (*pb
var err error
credType = string(credential.UsernamePasswordType)
credData, err = handlers.ProtoToStruct(
&pb.UserPasswordCredential{
&pb.UsernamePasswordCredential{
Username: c.GetUsername(),
Password: string(c.GetPassword()),
},

34
internal/daemon/controller/handlers/targets/tcp/target_service_test.go
Unescape View File

@ -2684,10 +2684,10 @@ func TestAuthorizeSessionTypedCredentials(t *testing.T) {
defaultUserPass := v.CreateKVSecret(t, "default-userpass", []byte(`{"data": {"username": "my-user", "password": "my-pass"}}`))
require.NotNil(t, defaultUserPass)
clsRespUserPassword, err := credLibService.CreateCredentialLibrary(ctx, &pbs.CreateCredentialLibraryRequest{Item: &credlibpb.CredentialLibrary{
clsRespUsernamePassword, err := credLibService.CreateCredentialLibrary(ctx, &pbs.CreateCredentialLibraryRequest{Item: &credlibpb.CredentialLibrary{
CredentialStoreId: vaultStore.GetPublicId(),
Name: wrapperspb.String("Userpassword Library"),
Description: wrapperspb.String("Userpassword Library Description"),
Name: wrapperspb.String("Usernamepassword Library"),
Description: wrapperspb.String("Usernamepassword Library Description"),
Attrs: &credlibpb.CredentialLibrary_VaultCredentialLibraryAttributes{
VaultCredentialLibraryAttributes: &credlibpb.VaultCredentialLibraryAttributes{
Path: wrapperspb.String(path.Join("secret", "data", "default-userpass")),
@ -2715,10 +2715,10 @@ func TestAuthorizeSessionTypedCredentials(t *testing.T) {
nonDefaultUserPass := v.CreateKVSecret(t, "non-default-userpass", []byte(`{"data": {"non-default-user": "my-user", "non-default-pass": "my-pass"}}`))
require.NotNil(t, nonDefaultUserPass)
clsRespUserPasswordWithMapping, err := credLibService.CreateCredentialLibrary(ctx, &pbs.CreateCredentialLibraryRequest{Item: &credlibpb.CredentialLibrary{
clsRespUsernamePasswordWithMapping, err := credLibService.CreateCredentialLibrary(ctx, &pbs.CreateCredentialLibraryRequest{Item: &credlibpb.CredentialLibrary{
CredentialStoreId: vaultStore.GetPublicId(),
Name: wrapperspb.String("Userpassword Mapping Library"),
Description: wrapperspb.String("Userpassword Mapping Library Description"),
Name: wrapperspb.String("Usernamepassword Mapping Library"),
Description: wrapperspb.String("Usernamepassword Mapping Library Description"),
Attrs: &credlibpb.CredentialLibrary_VaultCredentialLibraryAttributes{
VaultCredentialLibraryAttributes: &credlibpb.VaultCredentialLibraryAttributes{
Path: wrapperspb.String(path.Join("secret", "data", "non-default-userpass")),
@ -2776,16 +2776,16 @@ func TestAuthorizeSessionTypedCredentials(t *testing.T) {
},
},
{
name: "vault-userpassword",
name: "vault-usernamepassword",
hostSourceId: shs.GetPublicId(),
credSourceId: clsRespUserPassword.GetItem().GetId(),
credSourceId: clsRespUsernamePassword.GetItem().GetId(),
wantedHostId: h.GetPublicId(),
wantedEndpoint: h.GetAddress(),
wantedCred: &pb.SessionCredential{
CredentialSource: &pb.CredentialSource{
Id: clsRespUserPassword.GetItem().GetId(),
Name: clsRespUserPassword.GetItem().GetName().GetValue(),
Description: clsRespUserPassword.GetItem().GetDescription().GetValue(),
Id: clsRespUsernamePassword.GetItem().GetId(),
Name: clsRespUsernamePassword.GetItem().GetName().GetValue(),
Description: clsRespUsernamePassword.GetItem().GetDescription().GetValue(),
CredentialStoreId: vaultStore.GetPublicId(),
Type: vault.Subtype.String(),
CredentialType: string(credential.UsernamePasswordType),
@ -2802,16 +2802,16 @@ func TestAuthorizeSessionTypedCredentials(t *testing.T) {
},
},
{
name: "vault-userpassword-with-mapping",
name: "vault-UsernamePassword-with-mapping",
hostSourceId: shs.GetPublicId(),
credSourceId: clsRespUserPasswordWithMapping.GetItem().GetId(),
credSourceId: clsRespUsernamePasswordWithMapping.GetItem().GetId(),
wantedHostId: h.GetPublicId(),
wantedEndpoint: h.GetAddress(),
wantedCred: &pb.SessionCredential{
CredentialSource: &pb.CredentialSource{
Id: clsRespUserPasswordWithMapping.GetItem().GetId(),
Name: clsRespUserPasswordWithMapping.GetItem().GetName().GetValue(),
Description: clsRespUserPasswordWithMapping.GetItem().GetDescription().GetValue(),
Id: clsRespUsernamePasswordWithMapping.GetItem().GetId(),
Name: clsRespUsernamePasswordWithMapping.GetItem().GetName().GetValue(),
Description: clsRespUsernamePasswordWithMapping.GetItem().GetDescription().GetValue(),
CredentialStoreId: vaultStore.GetPublicId(),
Type: vault.Subtype.String(),
CredentialType: string(credential.UsernamePasswordType),
@ -2828,7 +2828,7 @@ func TestAuthorizeSessionTypedCredentials(t *testing.T) {
},
},
{
name: "static-userpassword",
name: "static-UsernamePassword",
hostSourceId: shs.GetPublicId(),
credSourceId: credResp.GetItem().GetId(),
wantedHostId: h.GetPublicId(),

4
internal/daemon/worker/proxy/options_test.go
Unescape View File

@ -13,8 +13,8 @@ func Test_GetOpts(t *testing.T) {
t.Run("WithEgressCredentials", func(t *testing.T) {
assert := assert.New(t)
c := &serverpb.Credential{
Credential: &serverpb.Credential_UserPassword{
UserPassword: &serverpb.UserPassword{
Credential: &serverpb.Credential_UsernamePassword{
UsernamePassword: &serverpb.UsernamePassword{
Username: "user",
Password: "pass",
},

1
internal/db/schema/migrations/oss/postgres/22/04_vault_library_map_user_password.up.sql
Unescape View File

@ -1,5 +1,6 @@
begin;
-- Updated in 35/01_vault_library_map_username_password.up.sql
create table credential_vault_library_user_password_mapping_override (
library_id wt_public_id primary key
constraint credential_vault_library_fkey

1
internal/db/schema/migrations/oss/postgres/22/05_vault_private_library.up.sql
Unescape View File

@ -1,5 +1,6 @@
begin;
-- Updated in 35/02_vault_private_library.up.sql
-- Replaces view from 10/04_vault_credential.up.sql
drop view credential_vault_library_private;

12
internal/db/schema/migrations/oss/postgres/35/01_vault_library_map_username_password.up.sql
Unescape View File

@ -0,0 +1,12 @@
begin;
-- Renames table from 22/04_vault_library_map_user_password.up.sql
alter table credential_vault_library_user_password_mapping_override
rename to credential_vault_library_username_password_mapping_override;
comment on table credential_vault_library_username_password_mapping_override is
'credential_vault_library_username_password_mapping_override is a table '
'where each row represents a mapping that overrides the default mapping '
'from a generic vault secret to a username password credential type '
'for a vault credential library.';
commit;

69
internal/db/schema/migrations/oss/postgres/35/02_vault_private_library.up.sql
Unescape View File

@ -0,0 +1,69 @@
begin;
-- Replaces view from 22/05_vault_private_library.up.sql
drop view credential_vault_library_public;
drop view credential_vault_library_private;
create view credential_vault_library_private as
with
password_override (library_id, username_attribute, password_attribute) as (
select library_id,
nullif(username_attribute, wt_to_sentinel('no override')),
nullif(password_attribute, wt_to_sentinel('no override'))
from credential_vault_library_username_password_mapping_override
)
select library.public_id as public_id,
library.store_id as store_id,
library.name as name,
library.description as description,
library.create_time as create_time,
library.update_time as update_time,
library.version as version,
library.vault_path as vault_path,
library.http_method as http_method,
library.http_request_body as http_request_body,
library.credential_type as credential_type,
store.scope_id as scope_id,
store.vault_address as vault_address,
store.namespace as namespace,
store.ca_cert as ca_cert,
store.tls_server_name as tls_server_name,
store.tls_skip_verify as tls_skip_verify,
store.token_hmac as token_hmac,
store.ct_token as ct_token, -- encrypted
store.token_key_id as token_key_id,
store.client_cert as client_cert,
store.ct_client_key as ct_client_key, -- encrypted
store.client_key_id as client_key_id,
upasso.username_attribute as username_attribute,
upasso.password_attribute as password_attribute
from credential_vault_library library
join credential_vault_store_private store
on library.store_id = store.public_id
left join password_override upasso
on library.public_id = upasso.library_id
and store.token_status = 'current';
comment on view credential_vault_library_private is
'credential_vault_library_private is a view where each row contains a credential library and the credential library''s data needed to connect to Vault. '
'Each row may contain encrypted data. This view should not be used to retrieve data which will be returned external to boundary.';
create view credential_vault_library_public as
select public_id,
store_id,
name,
description,
create_time,
update_time,
version,
vault_path,
http_method,
http_request_body,
credential_type,
username_attribute,
password_attribute
from credential_vault_library_private;
comment on view credential_vault_library_public is
'credential_vault_library_public is a view where each row contains a credential library and any of library''s credential mapping overrides. '
'No encrypted data is returned. This view can be used to retrieve data which will be returned external to boundary.';
commit;

8
internal/db/sqltest/initdb.d/03_widgets_persona.sql
Unescape View File

@ -352,22 +352,22 @@ begin;
('vs_______wvs', 'vl______wvl6', 'widget vault kv four', 'None', '/secrets/kv/four', 'GET', 'username_password'),
('vs_______wvs', 'vl______wvl7', 'widget vault kv five', 'None', '/secrets/kv/five', 'GET', 'username_password');
insert into credential_vault_library_user_password_mapping_override
insert into credential_vault_library_username_password_mapping_override
(library_id)
values
('vl______wvl4');
insert into credential_vault_library_user_password_mapping_override
insert into credential_vault_library_username_password_mapping_override
(library_id, username_attribute)
values
('vl______wvl5', 'my_username');
insert into credential_vault_library_user_password_mapping_override
insert into credential_vault_library_username_password_mapping_override
(library_id, password_attribute)
values
('vl______wvl6', 'my_password');
insert into credential_vault_library_user_password_mapping_override
insert into credential_vault_library_username_password_mapping_override
(library_id, username_attribute, password_attribute)
values
('vl______wvl7', 'my_username', 'my_password');

22
internal/db/sqltest/tests/credential/vault/credential_vault_library_user_password_mapping_override.sql → internal/db/sqltest/tests/credential/vault/credential_vault_library_username_password_mapping_override.sql
Unescape View File

@ -1,4 +1,4 @@
-- credential_vault_library_user_password_mapping_override tests:
-- credential_vault_library_username_password_mapping_override tests:
-- the following triggers
-- insert_credential_vault_library_mapping_override_subtype
-- delete_credential_vault_library_mapping_override_subtype
@ -9,7 +9,7 @@ begin;
-- validate the setup data
select is(count(*), 4::bigint)
from credential_vault_library_user_password_mapping_override
from credential_vault_library_username_password_mapping_override
where library_id in ('vl______wvl4', 'vl______wvl5', 'vl______wvl6', 'vl______wvl7');
select is(count(*), 4::bigint)
@ -34,27 +34,27 @@ begin;
);
-- validate the insert triggers
select is(count(*), 0::bigint) from credential_vault_library_user_password_mapping_override where library_id = 'vl______wvl3';
select is(count(*), 0::bigint) from credential_vault_library_username_password_mapping_override where library_id = 'vl______wvl3';
select is(count(*), 0::bigint) from credential_vault_library_mapping_override where library_id = 'vl______wvl3';
prepare insert_credential_vault_library_user_password_mapping_override as
insert into credential_vault_library_user_password_mapping_override
prepare insert_credential_vault_library_username_password_mapping_override as
insert into credential_vault_library_username_password_mapping_override
(library_id, username_attribute, password_attribute)
values
('vl______wvl3', 'my_username', 'my_password');
select lives_ok('insert_credential_vault_library_user_password_mapping_override');
select lives_ok('insert_credential_vault_library_username_password_mapping_override');
select is(count(*), 1::bigint) from credential_vault_library_user_password_mapping_override where library_id = 'vl______wvl3';
select is(count(*), 1::bigint) from credential_vault_library_username_password_mapping_override where library_id = 'vl______wvl3';
select is(count(*), 1::bigint) from credential_vault_library_mapping_override where library_id = 'vl______wvl3';
-- validate the delete triggers
prepare delete_credential_vault_library_user_password_mapping_override as
prepare delete_credential_vault_library_username_password_mapping_override as
delete
from credential_vault_library_user_password_mapping_override
from credential_vault_library_username_password_mapping_override
where library_id = 'vl______wvl3';
select lives_ok('delete_credential_vault_library_user_password_mapping_override');
select lives_ok('delete_credential_vault_library_username_password_mapping_override');
select is(count(*), 0::bigint) from credential_vault_library_user_password_mapping_override where library_id = 'vl______wvl3';
select is(count(*), 0::bigint) from credential_vault_library_username_password_mapping_override where library_id = 'vl______wvl3';
select is(count(*), 0::bigint) from credential_vault_library_mapping_override where library_id = 'vl______wvl3';
select * from finish();

84
internal/gen/controller/servers/services/credential.pb.go
Unescape View File

@ -26,7 +26,7 @@ type Credential struct {
unknownFields protoimpl.UnknownFields
// Types that are assignable to Credential:
// *Credential_UserPassword
// *Credential_UsernamePassword
Credential isCredential_Credential `protobuf_oneof:"credential"`
}
@ -69,9 +69,9 @@ func (m *Credential) GetCredential() isCredential_Credential {
return nil
}
func (x *Credential) GetUserPassword() *UserPassword {
if x, ok := x.GetCredential().(*Credential_UserPassword); ok {
return x.UserPassword
func (x *Credential) GetUsernamePassword() *UsernamePassword {
if x, ok := x.GetCredential().(*Credential_UsernamePassword); ok {
return x.UsernamePassword
}
return nil
}
@ -80,14 +80,14 @@ type isCredential_Credential interface {
isCredential_Credential()
}
type Credential_UserPassword struct {
UserPassword *UserPassword `protobuf:"bytes,1,opt,name=user_password,json=userPassword,proto3,oneof"`
type Credential_UsernamePassword struct {
UsernamePassword *UsernamePassword `protobuf:"bytes,2,opt,name=username_password,json=usernamePassword,proto3,oneof"`
}
func (*Credential_UserPassword) isCredential_Credential() {}
func (*Credential_UsernamePassword) isCredential_Credential() {}
// UserPassword is a credential containing a username and a password.
type UserPassword struct {
// UsernamePassword is a credential containing a username and a password.
type UsernamePassword struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
@ -98,8 +98,8 @@ type UserPassword struct {
Password string `protobuf:"bytes,20,opt,name=password,proto3" json:"password,omitempty"` // @gotags: `class:"secret"`
}
func (x *UserPassword) Reset() {
*x = UserPassword{}
func (x *UsernamePassword) Reset() {
*x = UsernamePassword{}
if protoimpl.UnsafeEnabled {
mi := &file_controller_servers_services_v1_credential_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@ -107,13 +107,13 @@ func (x *UserPassword) Reset() {
}
}
func (x *UserPassword) String() string {
func (x *UsernamePassword) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*UserPassword) ProtoMessage() {}
func (*UsernamePassword) ProtoMessage() {}
func (x *UserPassword) ProtoReflect() protoreflect.Message {
func (x *UsernamePassword) ProtoReflect() protoreflect.Message {
mi := &file_controller_servers_services_v1_credential_proto_msgTypes[1]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@ -125,19 +125,19 @@ func (x *UserPassword) ProtoReflect() protoreflect.Message {
return mi.MessageOf(x)
}
// Deprecated: Use UserPassword.ProtoReflect.Descriptor instead.
func (*UserPassword) Descriptor() ([]byte, []int) {
// Deprecated: Use UsernamePassword.ProtoReflect.Descriptor instead.
func (*UsernamePassword) Descriptor() ([]byte, []int) {
return file_controller_servers_services_v1_credential_proto_rawDescGZIP(), []int{1}
}
func (x *UserPassword) GetUsername() string {
func (x *UsernamePassword) GetUsername() string {
if x != nil {
return x.Username
}
return ""
}
func (x *UserPassword) GetPassword() string {
func (x *UsernamePassword) GetPassword() string {
if x != nil {
return x.Password
}
@ -152,24 +152,26 @@ var file_controller_servers_services_v1_credential_proto_rawDesc = []byte{
0x2f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74,
0x6f, 0x12, 0x1e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x73, 0x65,
0x72, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76,
0x31, 0x22, 0x6f, 0x0a, 0x0a, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x12,
0x53, 0x0a, 0x0d, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64,
0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c,
0x6c, 0x65, 0x72, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x73, 0x65, 0x72, 0x76,
0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x50, 0x61, 0x73, 0x73,
0x77, 0x6f, 0x72, 0x64, 0x48, 0x00, 0x52, 0x0c, 0x75, 0x73, 0x65, 0x72, 0x50, 0x61, 0x73, 0x73,
0x77, 0x6f, 0x72, 0x64, 0x42, 0x0c, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69,
0x61, 0x6c, 0x22, 0x46, 0x0a, 0x0c, 0x55, 0x73, 0x65, 0x72, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f,
0x72, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a,
0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a,
0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x09,
0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x42, 0x51, 0x5a, 0x4f, 0x67, 0x69,
0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
0x72, 0x70, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x2f, 0x69, 0x6e, 0x74, 0x65,
0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c,
0x6c, 0x65, 0x72, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x2f, 0x73, 0x65, 0x72, 0x76,
0x69, 0x63, 0x65, 0x73, 0x3b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x62, 0x06, 0x70,
0x72, 0x6f, 0x74, 0x6f, 0x33,
0x31, 0x22, 0x90, 0x01, 0x0a, 0x0a, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c,
0x12, 0x5f, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x70, 0x61, 0x73,
0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x63, 0x6f,
0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73,
0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x73, 0x65,
0x72, 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x48, 0x00, 0x52,
0x10, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72,
0x64, 0x42, 0x0c, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4a,
0x04, 0x08, 0x01, 0x10, 0x02, 0x52, 0x0d, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x61, 0x73, 0x73,
0x77, 0x6f, 0x72, 0x64, 0x22, 0x4a, 0x0a, 0x10, 0x55, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65,
0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72,
0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72,
0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64,
0x18, 0x14, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64,
0x42, 0x51, 0x5a, 0x4f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68,
0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72,
0x79, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x63,
0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72,
0x73, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x3b, 0x73, 0x65, 0x72, 0x76, 0x69,
0x63, 0x65, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@ -186,11 +188,11 @@ func file_controller_servers_services_v1_credential_proto_rawDescGZIP() []byte {
var file_controller_servers_services_v1_credential_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
var file_controller_servers_services_v1_credential_proto_goTypes = []interface{}{
(*Credential)(nil), // 0: controller.servers.services.v1.Credential
(*UserPassword)(nil), // 1: controller.servers.services.v1.UserPassword
(*Credential)(nil), // 0: controller.servers.services.v1.Credential
(*UsernamePassword)(nil), // 1: controller.servers.services.v1.UsernamePassword
}
var file_controller_servers_services_v1_credential_proto_depIdxs = []int32{
1, // 0: controller.servers.services.v1.Credential.user_password:type_name -> controller.servers.services.v1.UserPassword
1, // 0: controller.servers.services.v1.Credential.username_password:type_name -> controller.servers.services.v1.UsernamePassword
1, // [1:1] is the sub-list for method output_type
1, // [1:1] is the sub-list for method input_type
1, // [1:1] is the sub-list for extension type_name
@ -217,7 +219,7 @@ func file_controller_servers_services_v1_credential_proto_init() {
}
}
file_controller_servers_services_v1_credential_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*UserPassword); i {
switch v := v.(*UsernamePassword); i {
case 0:
return &v.state
case 1:
@ -230,7 +232,7 @@ func file_controller_servers_services_v1_credential_proto_init() {
}
}
file_controller_servers_services_v1_credential_proto_msgTypes[0].OneofWrappers = []interface{}{
(*Credential_UserPassword)(nil),
(*Credential_UsernamePassword)(nil),
}
type x struct{}
out := protoimpl.TypeBuilder{

4
internal/proto/controller/api/resources/targets/v1/target.proto
Unescape View File

@ -280,8 +280,8 @@ message SessionAuthorization {
repeated SessionCredential credentials = 110 [json_name = "credentials"];
}
// The layout of the struct for "credential" field in SessionCredential for a user_password credential type.
message UserPasswordCredential {
// The layout of the struct for "credential" field in SessionCredential for a username_password credential type.
message UsernamePasswordCredential {
// Username of the credential
string username = 1; // @gotags: `class:"sensitive"`

9
internal/proto/controller/servers/services/v1/credential.proto
Unescape View File

@ -5,13 +5,16 @@ package controller.servers.services.v1;
option go_package = "github.com/hashicorp/boundary/internal/gen/controller/servers/services;services";
message Credential {
reserved 1;
reserved "user_password";
oneof credential {
UserPassword user_password = 1;
UsernamePassword username_password = 2;
}
}
// UserPassword is a credential containing a username and a password.
message UserPassword {
// UsernamePassword is a credential containing a username and a password.
message UsernamePassword {
// The username of the credential
string username = 10; // @gotags: `class:"public"`

2
internal/proto/controller/storage/credential/vault/store/v1/vault.proto
Unescape View File

@ -319,7 +319,7 @@ message Credential {
string status = 12;
}
message UserPasswordOverride {
message UsernamePasswordOverride {
// library_id of the owning vault credential library.
// @inject_tag: `gorm:"primary_key"`
string library_id = 1;

82
sdk/pbs/controller/api/resources/targets/target.pb.go
Unescape View File

@ -1008,8 +1008,8 @@ func (x *SessionAuthorization) GetCredentials() []*SessionCredential {
return nil
}
// The layout of the struct for "credential" field in SessionCredential for a user_password credential type.
type UserPasswordCredential struct {
// The layout of the struct for "credential" field in SessionCredential for a username_password credential type.
type UsernamePasswordCredential struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
@ -1020,8 +1020,8 @@ type UserPasswordCredential struct {
Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty" class:"secret"` // @gotags: `class:"secret"`
}
func (x *UserPasswordCredential) Reset() {
*x = UserPasswordCredential{}
func (x *UsernamePasswordCredential) Reset() {
*x = UsernamePasswordCredential{}
if protoimpl.UnsafeEnabled {
mi := &file_controller_api_resources_targets_v1_target_proto_msgTypes[10]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@ -1029,13 +1029,13 @@ func (x *UserPasswordCredential) Reset() {
}
}
func (x *UserPasswordCredential) String() string {
func (x *UsernamePasswordCredential) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*UserPasswordCredential) ProtoMessage() {}
func (*UsernamePasswordCredential) ProtoMessage() {}
func (x *UserPasswordCredential) ProtoReflect() protoreflect.Message {
func (x *UsernamePasswordCredential) ProtoReflect() protoreflect.Message {
mi := &file_controller_api_resources_targets_v1_target_proto_msgTypes[10]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@ -1047,19 +1047,19 @@ func (x *UserPasswordCredential) ProtoReflect() protoreflect.Message {
return mi.MessageOf(x)
}
// Deprecated: Use UserPasswordCredential.ProtoReflect.Descriptor instead.
func (*UserPasswordCredential) Descriptor() ([]byte, []int) {
// Deprecated: Use UsernamePasswordCredential.ProtoReflect.Descriptor instead.
func (*UsernamePasswordCredential) Descriptor() ([]byte, []int) {
return file_controller_api_resources_targets_v1_target_proto_rawDescGZIP(), []int{10}
}
func (x *UserPasswordCredential) GetUsername() string {
func (x *UsernamePasswordCredential) GetUsername() string {
if x != nil {
return x.Username
}
return ""
}
func (x *UserPasswordCredential) GetPassword() string {
func (x *UsernamePasswordCredential) GetPassword() string {
if x != nil {
return x.Password
}
@ -1321,18 +1321,18 @@ var file_controller_api_resources_targets_v1_target_proto_rawDesc = []byte{
0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74,
0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f,
0x6e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x52, 0x0b, 0x63, 0x72, 0x65,
0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x22, 0x50, 0x0a, 0x16, 0x55, 0x73, 0x65, 0x72,
0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69,
0x61, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a,
0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x42, 0x50, 0x5a, 0x4e, 0x67, 0x69,
0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f,
0x72, 0x70, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x2f, 0x73, 0x64, 0x6b, 0x2f,
0x70, 0x62, 0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2f, 0x61,
0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x74, 0x61, 0x72,
0x67, 0x65, 0x74, 0x73, 0x3b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x62, 0x06, 0x70, 0x72,
0x6f, 0x74, 0x6f, 0x33,
0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x22, 0x54, 0x0a, 0x1a, 0x55, 0x73, 0x65, 0x72,
0x6e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x43, 0x72, 0x65, 0x64,
0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61,
0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61,
0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x02,
0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x42, 0x50,
0x5a, 0x4e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73,
0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x2f,
0x73, 0x64, 0x6b, 0x2f, 0x70, 0x62, 0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c,
0x65, 0x72, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73,
0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x3b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73,
0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@ -1349,23 +1349,23 @@ func file_controller_api_resources_targets_v1_target_proto_rawDescGZIP() []byte
var file_controller_api_resources_targets_v1_target_proto_msgTypes = make([]protoimpl.MessageInfo, 11)
var file_controller_api_resources_targets_v1_target_proto_goTypes = []interface{}{
(*HostSource)(nil), // 0: controller.api.resources.targets.v1.HostSource
(*HostSet)(nil), // 1: controller.api.resources.targets.v1.HostSet
(*CredentialSource)(nil), // 2: controller.api.resources.targets.v1.CredentialSource
(*SessionSecret)(nil), // 3: controller.api.resources.targets.v1.SessionSecret
(*SessionCredential)(nil), // 4: controller.api.resources.targets.v1.SessionCredential
(*Target)(nil), // 5: controller.api.resources.targets.v1.Target
(*TcpTargetAttributes)(nil), // 6: controller.api.resources.targets.v1.TcpTargetAttributes
(*WorkerInfo)(nil), // 7: controller.api.resources.targets.v1.WorkerInfo
(*SessionAuthorizationData)(nil), // 8: controller.api.resources.targets.v1.SessionAuthorizationData
(*SessionAuthorization)(nil), // 9: controller.api.resources.targets.v1.SessionAuthorization
(*UserPasswordCredential)(nil), // 10: controller.api.resources.targets.v1.UserPasswordCredential
(*structpb.Struct)(nil), // 11: google.protobuf.Struct
(*scopes.ScopeInfo)(nil), // 12: controller.api.resources.scopes.v1.ScopeInfo
(*wrapperspb.StringValue)(nil), // 13: google.protobuf.StringValue
(*timestamppb.Timestamp)(nil), // 14: google.protobuf.Timestamp
(*wrapperspb.UInt32Value)(nil), // 15: google.protobuf.UInt32Value
(*wrapperspb.Int32Value)(nil), // 16: google.protobuf.Int32Value
(*HostSource)(nil), // 0: controller.api.resources.targets.v1.HostSource
(*HostSet)(nil), // 1: controller.api.resources.targets.v1.HostSet
(*CredentialSource)(nil), // 2: controller.api.resources.targets.v1.CredentialSource
(*SessionSecret)(nil), // 3: controller.api.resources.targets.v1.SessionSecret
(*SessionCredential)(nil), // 4: controller.api.resources.targets.v1.SessionCredential
(*Target)(nil), // 5: controller.api.resources.targets.v1.Target
(*TcpTargetAttributes)(nil), // 6: controller.api.resources.targets.v1.TcpTargetAttributes
(*WorkerInfo)(nil), // 7: controller.api.resources.targets.v1.WorkerInfo
(*SessionAuthorizationData)(nil), // 8: controller.api.resources.targets.v1.SessionAuthorizationData
(*SessionAuthorization)(nil), // 9: controller.api.resources.targets.v1.SessionAuthorization
(*UsernamePasswordCredential)(nil), // 10: controller.api.resources.targets.v1.UsernamePasswordCredential
(*structpb.Struct)(nil), // 11: google.protobuf.Struct
(*scopes.ScopeInfo)(nil), // 12: controller.api.resources.scopes.v1.ScopeInfo
(*wrapperspb.StringValue)(nil), // 13: google.protobuf.StringValue
(*timestamppb.Timestamp)(nil), // 14: google.protobuf.Timestamp
(*wrapperspb.UInt32Value)(nil), // 15: google.protobuf.UInt32Value
(*wrapperspb.Int32Value)(nil), // 16: google.protobuf.Int32Value
}
var file_controller_api_resources_targets_v1_target_proto_depIdxs = []int32{
11, // 0: controller.api.resources.targets.v1.SessionSecret.decoded:type_name -> google.protobuf.Struct
@ -1527,7 +1527,7 @@ func file_controller_api_resources_targets_v1_target_proto_init() {
}
}
file_controller_api_resources_targets_v1_target_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*UserPasswordCredential); i {
switch v := v.(*UsernamePasswordCredential); i {
case 0:
return &v.state
case 1:

Write Preview
Loading…
Cancel
Save