diff --git a/internal/cmd/commands/credentialscmd/funcs.go b/internal/cmd/commands/credentialscmd/funcs.go index ca3bd25f48..dc061be8cf 100644 --- a/internal/cmd/commands/credentialscmd/funcs.go +++ b/internal/cmd/commands/credentialscmd/funcs.go @@ -42,7 +42,7 @@ func (c *Command) extraHelpFunc(helpMap map[string]func() string) string { "", " This command allows update operations on Boundary credential resources. Example:", "", - " Update a user password credential:", + " Update a username password credential:", "", ` $ boundary credentials update username-password -id cred_1234567890 -name devops -description "For DevOps usage"`, "", diff --git a/internal/cmd/commands/credentialscmd/username_password_funcs.go b/internal/cmd/commands/credentialscmd/username_password_funcs.go index a950e4a9da..fd6b0cf894 100644 --- a/internal/cmd/commands/credentialscmd/username_password_funcs.go +++ b/internal/cmd/commands/credentialscmd/username_password_funcs.go @@ -33,7 +33,7 @@ func extraUsernamePasswordActionsFlagsMapFuncImpl() map[string][]string { } func extraUsernamePasswordFlagsFuncImpl(c *UsernamePasswordCommand, set *base.FlagSets, _ *base.FlagSet) { - f := set.NewFlagSet("User Password Credential Options") + f := set.NewFlagSet("Username Password Credential Options") for _, name := range flagsUsernamePasswordMap[c.Func] { switch name { @@ -75,7 +75,7 @@ func (c *UsernamePasswordCommand) extraUsernamePasswordHelpFunc(_ map[string]fun helpStr = base.WrapForHelpText([]string{ "Usage: boundary credentials create username-password -credential-store-id [options] [args]", "", - " Create a user password credential. Example:", + " Create a username password credential. Example:", "", ` $ boundary credentials create username-password -credential-store-id csvlt_1234567890 -username user -password pass`, "", 
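Review bot: The create example just below the reworded sentence in extraUsernamePasswordHelpFunc (hunk `@@ -75,7 +75,7 @@`) passes the secret literally as `-password pass`. That teaches users to type a password where shell history and process listings can record it. If the `-password` flag can read its value from an indirect source (the flag definition is not visible in this hunk, so this needs confirming), the example should show that form instead of an inline value. Otherwise the help text should say the inline value is for illustration only. The function body starts and ends outside the hunk.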
@@ -84,9 +84,9 @@ func (c *UsernamePasswordCommand) extraUsernamePasswordHelpFunc(_ map[string]fun case "update": helpStr = base.WrapForHelpText([]string{ - "Usage: boundary credentials update user password [options] [args]", + "Usage: boundary credentials update username-password [options] [args]", "", - " Update a user password credential given its ID. Example:", + " Update a username password credential given its ID. Example:", "", ` $ boundary credentials update username-password -id clvlt_1234567890 -name devops -description "For DevOps usage"`, "", diff --git a/internal/credential/static/testing.go b/internal/credential/static/testing.go index 9db96217df..726bb89049 100644 --- a/internal/credential/static/testing.go +++ b/internal/credential/static/testing.go @@ -64,7 +64,7 @@ func TestCredentialStores(t testing.TB, conn *db.DB, wrapper wrapping.Wrapper, s return css } -// TestUsernamePasswordCredential creates a user password credential in the provided DB with +// TestUsernamePasswordCredential creates a username password credential in the provided DB with // the provided scope and any values passed in through. // If any errors are encountered during the creation of the store, the test will fail. func TestUsernamePasswordCredential( @@ -105,7 +105,7 @@ func TestUsernamePasswordCredential( return cred } -// TestUsernamePasswordCredentials creates count number of user password credentials in +// TestUsernamePasswordCredentials creates count number of username password credentials in // the provided DB with the provided scope id. If any errors are // encountered during the creation of the credentials, the test will fail. func TestUsernamePasswordCredentials( diff --git a/internal/credential/vault/credential_library_test.go b/internal/credential/vault/credential_library_test.go index b4eb68c1ff..83ad19d607 100644 --- a/internal/credential/vault/credential_library_test.go +++ b/internal/credential/vault/credential_library_test.go 
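Review bot: The example in the `case "update"` help text (hunk `@@ -84,9 +84,9 @@`) still uses `-id clvlt_1234567890`, while the example for the same command in funcs.go uses `-id cred_1234567890`. The `clvlt_` prefix looks like a Vault credential-library ID rather than a credential ID, though that is inferred from the prefix and not shown here. Since this hunk already corrects the usage line, the example should be aligned too, e.g. `$ boundary credentials update username-password -id cred_1234567890 -name devops -description "For DevOps usage"`. The enclosing function starts and ends outside the hunk.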
@@ -234,11 +234,11 @@ func TestCredentialLibrary_New(t *testing.T) { opts: []Option{ WithMethod(MethodGet), WithCredentialType(credential.UsernamePasswordType), - WithMappingOverride(NewUserPasswordOverride(WithOverrideUsernameAttribute("test"))), + WithMappingOverride(NewUsernamePasswordOverride(WithOverrideUsernameAttribute("test"))), }, }, want: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride(WithOverrideUsernameAttribute("test")), + MappingOverride: NewUsernamePasswordOverride(WithOverrideUsernameAttribute("test")), CredentialLibrary: &store.CredentialLibrary{ StoreId: cs.PublicId, VaultPath: "vault/path", diff --git a/internal/credential/vault/internal/usernamepassword/doc.go b/internal/credential/vault/internal/usernamepassword/doc.go new file mode 100644 index 0000000000..4c35eab396 --- /dev/null +++ b/internal/credential/vault/internal/usernamepassword/doc.go @@ -0,0 +1,3 @@ +// Package usernamepassword provides access to the username and password +// stored in a Vault secret. +package usernamepassword diff --git a/internal/credential/vault/internal/userpassword/userpassword.go b/internal/credential/vault/internal/usernamepassword/usernamepassword.go similarity index 99% rename from internal/credential/vault/internal/userpassword/userpassword.go rename to internal/credential/vault/internal/usernamepassword/usernamepassword.go index 3f04ab0965..6a3f66cd19 100644 --- a/internal/credential/vault/internal/userpassword/userpassword.go +++ b/internal/credential/vault/internal/usernamepassword/usernamepassword.go @@ -1,4 +1,4 @@ -package userpassword +package usernamepassword type ( data map[string]interface{} 
diff --git a/internal/credential/vault/internal/userpassword/userpassword_test.go b/internal/credential/vault/internal/usernamepassword/usernamepassword_test.go similarity index 99% rename from internal/credential/vault/internal/userpassword/userpassword_test.go rename to internal/credential/vault/internal/usernamepassword/usernamepassword_test.go index 3a6fcae7ab..809e99c864 100644 --- a/internal/credential/vault/internal/userpassword/userpassword_test.go +++ b/internal/credential/vault/internal/usernamepassword/usernamepassword_test.go @@ -1,4 +1,4 @@ -package userpassword +package usernamepassword import ( "testing" diff --git a/internal/credential/vault/internal/userpassword/doc.go b/internal/credential/vault/internal/userpassword/doc.go deleted file mode 100644 index 13c2b42649..0000000000 --- a/internal/credential/vault/internal/userpassword/doc.go +++ /dev/null @@ -1,3 +0,0 @@ -// Package userpassword provides access to the username and password -// stored in a Vault secret. -package userpassword diff --git a/internal/credential/vault/mapping_overriders.go b/internal/credential/vault/mapping_overriders.go index 29d1d8e13a..929a355a62 100644 --- a/internal/credential/vault/mapping_overriders.go +++ b/internal/credential/vault/mapping_overriders.go @@ -14,7 +14,7 @@ func validMappingOverride(m MappingOverride, ct credential.Type) bool { switch m.(type) { case nil: return true // it is always valid to not specify a mapping override - case *UserPasswordOverride: + case *UsernamePasswordOverride: return ct == credential.UsernamePasswordType default: return false // an unknown mapping override type is never valid @@ -22,7 +22,7 @@ func validMappingOverride(m MappingOverride, ct credential.Type) bool { } // A MappingOverride is an interface holding one of the mapping override -// types: UserPasswordOverride. +// types: UsernamePasswordOverride. type MappingOverride interface { clone() MappingOverride setLibraryId(i string) 
@@ -34,23 +34,23 @@ type MappingOverride interface { sanitize() } -// A UserPasswordOverride contains optional values for overriding the -// default mappings used to map a Vault secret to a UserPassword credential +// A UsernamePasswordOverride contains optional values for overriding the +// default mappings used to map a Vault secret to a UsernamePassword credential // type for the credential library that owns it. -type UserPasswordOverride struct { - *store.UserPasswordOverride +type UsernamePasswordOverride struct { + *store.UsernamePasswordOverride tableName string `gorm:"-"` } -var _ MappingOverride = (*UserPasswordOverride)(nil) +var _ MappingOverride = (*UsernamePasswordOverride)(nil) -// NewUserPasswordOverride creates a new in memory UserPasswordOverride. +// NewUsernamePasswordOverride creates a new in memory UsernamePasswordOverride. // WithOverrideUsernameAttribute and WithOverridePasswordAttribute are the // only valid options. All other options are ignored. -func NewUserPasswordOverride(opt ...Option) *UserPasswordOverride { +func NewUsernamePasswordOverride(opt ...Option) *UsernamePasswordOverride { opts := getOpts(opt...) - o := &UserPasswordOverride{ - UserPasswordOverride: &store.UserPasswordOverride{ + o := &UsernamePasswordOverride{ + UsernamePasswordOverride: &store.UsernamePasswordOverride{ UsernameAttribute: sanitize.String(opts.withOverrideUsernameAttribute), PasswordAttribute: sanitize.String(opts.withOverridePasswordAttribute), }, 
@@ -58,24 +58,24 @@ func NewUserPasswordOverride(opt ...Option) *UserPasswordOverride { return o } -func allocUserPasswordOverride() *UserPasswordOverride { - return &UserPasswordOverride{ - UserPasswordOverride: &store.UserPasswordOverride{}, +func allocUsernamePasswordOverride() *UsernamePasswordOverride { + return &UsernamePasswordOverride{ + UsernamePasswordOverride: &store.UsernamePasswordOverride{}, } } -func (o *UserPasswordOverride) clone() MappingOverride { - cp := proto.Clone(o.UserPasswordOverride) - return &UserPasswordOverride{ - UserPasswordOverride: cp.(*store.UserPasswordOverride), +func (o *UsernamePasswordOverride) clone() MappingOverride { + cp := proto.Clone(o.UsernamePasswordOverride) + return &UsernamePasswordOverride{ + UsernamePasswordOverride: cp.(*store.UsernamePasswordOverride), } } -func (o *UserPasswordOverride) setLibraryId(i string) { +func (o *UsernamePasswordOverride) setLibraryId(i string) { o.LibraryId = i } -func (o *UserPasswordOverride) sanitize() { +func (o *UsernamePasswordOverride) sanitize() { if sentinel.Is(o.UsernameAttribute) { o.UsernameAttribute = "" } @@ -85,14 +85,14 @@ func (o *UserPasswordOverride) sanitize() { } // TableName returns the table name. -func (o *UserPasswordOverride) TableName() string { +func (o *UsernamePasswordOverride) TableName() string { if o.tableName != "" { return o.tableName } - return "credential_vault_library_user_password_mapping_override" + return "credential_vault_library_username_password_mapping_override" } // SetTableName sets the table name. -func (o *UserPasswordOverride) SetTableName(n string) { +func (o *UsernamePasswordOverride) SetTableName(n string) { o.tableName = n } diff --git a/internal/credential/vault/mapping_overriders_test.go b/internal/credential/vault/mapping_overriders_test.go index a7f35e9807..f2bf2ac55e 100644 --- a/internal/credential/vault/mapping_overriders_test.go +++ b/internal/credential/vault/mapping_overriders_test.go 
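Review bot: `TableName()` in hunk `@@ -85,14 +85,14 @@` now defaults to `credential_vault_library_username_password_mapping_override`, so every read and write of a mapping override targets a table that existing databases only have if a schema migration renames `credential_vault_library_user_password_mapping_override` in the same release. No migration is visible in this part of the diff. Please confirm one is included and that any views, triggers or foreign keys referring to the old name are updated with it, since a mismatch would likely surface only at runtime as lookup errors for libraries that carry an override. A short comment on the return line, e.g. `// must match the table created by the schema migrations`, would keep that coupling visible to the next person who renames the type.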
@@ -48,12 +48,12 @@ func TestValidMappingOverrides(t *testing.T) { want: false, }, { - m: allocUserPasswordOverride(), + m: allocUsernamePasswordOverride(), ct: credential.UnspecifiedType, want: false, }, { - m: allocUserPasswordOverride(), + m: allocUsernamePasswordOverride(), ct: credential.UsernamePasswordType, want: true, }, diff --git a/internal/credential/vault/private_library.go b/internal/credential/vault/private_library.go index ba05a45c35..cb361a4105 100644 --- a/internal/credential/vault/private_library.go +++ b/internal/credential/vault/private_library.go @@ -8,7 +8,7 @@ import ( "time" "github.com/hashicorp/boundary/internal/credential" - "github.com/hashicorp/boundary/internal/credential/vault/internal/userpassword" + "github.com/hashicorp/boundary/internal/credential/vault/internal/usernamepassword" "github.com/hashicorp/boundary/internal/db/timestamp" "github.com/hashicorp/boundary/internal/errors" "github.com/hashicorp/boundary/internal/kms" @@ -70,7 +70,7 @@ func baseToUsrPass(ctx context.Context, bc *baseCred) (*usrPassCred, error) { if pAttr == "" { pAttr = "password" } - username, password := userpassword.Extract(bc.secretData, uAttr, pAttr) + username, password := usernamepassword.Extract(bc.secretData, uAttr, pAttr) if username == "" || password == "" { return nil, errors.E(ctx, errors.WithCode(errors.VaultInvalidCredentialMapping)) } diff --git a/internal/credential/vault/private_library_test.go b/internal/credential/vault/private_library_test.go index 76bdb94f4b..c54357032d 100644 --- a/internal/credential/vault/private_library_test.go +++ b/internal/credential/vault/private_library_test.go @@ -130,7 +130,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) { { opts := []Option{ WithCredentialType(credential.UsernamePasswordType), - WithMappingOverride(NewUserPasswordOverride( + WithMappingOverride(NewUsernamePasswordOverride( WithOverrideUsernameAttribute("test-username"), )), } 
@@ -147,7 +147,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) { { opts := []Option{ WithCredentialType(credential.UsernamePasswordType), - WithMappingOverride(NewUserPasswordOverride( + WithMappingOverride(NewUsernamePasswordOverride( WithOverridePasswordAttribute("test-password"), )), } @@ -164,7 +164,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) { { opts := []Option{ WithCredentialType(credential.UsernamePasswordType), - WithMappingOverride(NewUserPasswordOverride( + WithMappingOverride(NewUsernamePasswordOverride( WithOverrideUsernameAttribute("test-username"), WithOverridePasswordAttribute("test-password"), )), @@ -201,7 +201,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) { assert.Equal(want.CredentialType(), got.CredentialType()) if mo := want.MappingOverride; mo != nil { switch w := mo.(type) { - case *UserPasswordOverride: + case *UsernamePasswordOverride: assert.Equal(w.UsernameAttribute, got.UsernameAttribute) assert.Equal(w.PasswordAttribute, got.PasswordAttribute) default: diff --git a/internal/credential/vault/repository_credential_library.go b/internal/credential/vault/repository_credential_library.go index c7185aad60..f16a6dfdfd 100644 --- a/internal/credential/vault/repository_credential_library.go +++ b/internal/credential/vault/repository_credential_library.go @@ -378,7 +378,7 @@ func (pl *publicLibrary) toCredentialLibrary() *CredentialLibrary { cl.CredentialLibrary.CredentialType = pl.CredentialType if pl.UsernameAttribute != "" || pl.PasswordAttribute != "" { - up := allocUserPasswordOverride() + up := allocUsernamePasswordOverride() up.LibraryId = pl.PublicId up.UsernameAttribute = pl.UsernameAttribute up.PasswordAttribute = pl.PasswordAttribute diff --git a/internal/credential/vault/repository_credential_library_test.go b/internal/credential/vault/repository_credential_library_test.go index 6676f973cc..f383a6ce56 100644 --- a/internal/credential/vault/repository_credential_library_test.go 
+++ b/internal/credential/vault/repository_credential_library_test.go @@ -165,7 +165,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) { }, }, { - name: "valid-user-password-credential-type", + name: "valid-username-password-credential-type", in: &CredentialLibrary{ CredentialLibrary: &store.CredentialLibrary{ StoreId: cs.GetPublicId(), @@ -199,7 +199,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) { { name: "invalid-mapping-override-type", in: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride(WithOverrideUsernameAttribute("test")), + MappingOverride: NewUsernamePasswordOverride(WithOverrideUsernameAttribute("test")), CredentialLibrary: &store.CredentialLibrary{ StoreId: cs.GetPublicId(), HttpMethod: "GET", @@ -209,9 +209,9 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) { wantErr: errors.VaultInvalidMappingOverride, }, { - name: "valid-user-password-credential-type-with-username-override", + name: "valid-username-password-credential-type-with-username-override", in: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverrideUsernameAttribute("utest"), ), CredentialLibrary: &store.CredentialLibrary{ @@ -222,7 +222,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) { }, }, want: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverrideUsernameAttribute("utest"), ), CredentialLibrary: &store.CredentialLibrary{ @@ -234,9 +234,9 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) { }, }, { - name: "valid-user-password-credential-type-with-password-override", + name: "valid-username-password-credential-type-with-password-override", in: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverridePasswordAttribute("ptest"), ), CredentialLibrary: &store.CredentialLibrary{ 
@@ -247,7 +247,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) { }, }, want: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverridePasswordAttribute("ptest"), ), CredentialLibrary: &store.CredentialLibrary{ @@ -259,9 +259,9 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) { }, }, { - name: "valid-user-password-credential-type-with-username-and-password-override", + name: "valid-username-password-credential-type-with-username-and-password-override", in: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverrideUsernameAttribute("utest"), WithOverridePasswordAttribute("ptest"), ), @@ -273,7 +273,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) { }, }, want: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverrideUsernameAttribute("utest"), WithOverridePasswordAttribute("ptest"), ), @@ -319,8 +319,8 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) { require.NotNil(got.MappingOverride) assert.IsType(tt.want.MappingOverride, got.MappingOverride) switch w := tt.want.MappingOverride.(type) { - case *UserPasswordOverride: - g, ok := got.MappingOverride.(*UserPasswordOverride) + case *UsernamePasswordOverride: + g, ok := got.MappingOverride.(*UsernamePasswordOverride) require.True(ok) assert.Equal(w.UsernameAttribute, g.UsernameAttribute) assert.Equal(w.PasswordAttribute, g.PasswordAttribute) @@ -329,7 +329,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) { } // verify it was persisted in the database - override := allocUserPasswordOverride() + override := allocUsernamePasswordOverride() assert.NoError(rw.LookupWhere(ctx, &override, "library_id = ?", []interface{}{got.GetPublicId()})) } }) 
@@ -757,7 +757,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) { { name: "change-vault-path", orig: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride(WithOverrideUsernameAttribute("orig-username")), + MappingOverride: NewUsernamePasswordOverride(WithOverrideUsernameAttribute("orig-username")), CredentialLibrary: &store.CredentialLibrary{ HttpMethod: "GET", VaultPath: "/old/path", @@ -767,7 +767,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) { chgFn: changeVaultPath("/new/path"), masks: []string{vaultPathField}, want: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride(WithOverrideUsernameAttribute("orig-username")), + MappingOverride: NewUsernamePasswordOverride(WithOverrideUsernameAttribute("orig-username")), CredentialLibrary: &store.CredentialLibrary{ HttpMethod: "GET", VaultPath: "/new/path", @@ -929,9 +929,9 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) { wantErr: errors.InvalidFieldMask, }, { - name: "user-password-attributes-change-username-attribute", + name: "username-password-attributes-change-username-attribute", orig: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverrideUsernameAttribute("orig-username"), WithOverridePasswordAttribute("orig-password"), ), @@ -943,13 +943,13 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) { }, }, chgFn: changeMappingOverride( - NewUserPasswordOverride( + NewUsernamePasswordOverride( WithOverrideUsernameAttribute("changed-username"), ), ), masks: []string{"MappingOverride"}, want: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverrideUsernameAttribute("changed-username"), ), CredentialLibrary: &store.CredentialLibrary{ 
@@ -962,9 +962,9 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) { wantCount: 1, }, { - name: "user-password-attributes-change-password-attribute", + name: "username-password-attributes-change-password-attribute", orig: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverrideUsernameAttribute("orig-username"), WithOverridePasswordAttribute("orig-password"), ), @@ -976,13 +976,13 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) { }, }, chgFn: changeMappingOverride( - NewUserPasswordOverride( + NewUsernamePasswordOverride( WithOverridePasswordAttribute("changed-password"), ), ), masks: []string{"MappingOverride"}, want: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverridePasswordAttribute("changed-password"), ), CredentialLibrary: &store.CredentialLibrary{ @@ -995,9 +995,9 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) { wantCount: 1, }, { - name: "user-password-attributes-change-username-and-password-attributes", + name: "username-password-attributes-change-username-and-password-attributes", orig: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverrideUsernameAttribute("orig-username"), WithOverridePasswordAttribute("orig-password"), ), @@ -1009,14 +1009,14 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) { }, }, chgFn: changeMappingOverride( - NewUserPasswordOverride( + NewUsernamePasswordOverride( WithOverrideUsernameAttribute("changed-username"), WithOverridePasswordAttribute("changed-password"), ), ), masks: []string{"MappingOverride"}, want: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverrideUsernameAttribute("changed-username"), WithOverridePasswordAttribute("changed-password"), ), 
@@ -1040,14 +1040,14 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) { }, }, chgFn: changeMappingOverride( - NewUserPasswordOverride( + NewUsernamePasswordOverride( WithOverrideUsernameAttribute("changed-username"), WithOverridePasswordAttribute("changed-password"), ), ), masks: []string{"MappingOverride"}, want: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverrideUsernameAttribute("changed-username"), WithOverridePasswordAttribute("changed-password"), ), @@ -1061,9 +1061,9 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) { wantCount: 1, }, { - name: "user-password-attributes-delete-mapping-override", + name: "username-password-attributes-delete-mapping-override", orig: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverrideUsernameAttribute("orig-username"), WithOverridePasswordAttribute("orig-password"), ), @@ -1096,7 +1096,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) { }, }, chgFn: changeMappingOverride( - NewUserPasswordOverride( + NewUsernamePasswordOverride( WithOverrideUsernameAttribute("changed-username"), WithOverridePasswordAttribute("changed-password"), ), @@ -1167,8 +1167,8 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) { switch w := tt.want.MappingOverride.(type) { case nil: assert.Nil(got.MappingOverride) - case *UserPasswordOverride: - g, ok := got.MappingOverride.(*UserPasswordOverride) + case *UsernamePasswordOverride: + g, ok := got.MappingOverride.(*UsernamePasswordOverride) require.True(ok) assert.Equal(w.UsernameAttribute, g.UsernameAttribute) assert.Equal(w.PasswordAttribute, g.PasswordAttribute) 
@@ -1318,7 +1318,7 @@ func TestRepository_LookupCredentialLibrary(t *testing.T) { }, }, { - name: "valid-user-password-credential-type", + name: "valid-username-password-credential-type", in: &CredentialLibrary{ CredentialLibrary: &store.CredentialLibrary{ StoreId: cs.GetPublicId(), @@ -1329,9 +1329,9 @@ func TestRepository_LookupCredentialLibrary(t *testing.T) { }, }, { - name: "valid-user-password-credential-type-with-username-override", + name: "valid-username-password-credential-type-with-username-override", in: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverrideUsernameAttribute("utest"), ), CredentialLibrary: &store.CredentialLibrary{ @@ -1343,9 +1343,9 @@ func TestRepository_LookupCredentialLibrary(t *testing.T) { }, }, { - name: "valid-user-password-credential-type-with-password-override", + name: "valid-username-password-credential-type-with-password-override", in: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverridePasswordAttribute("ptest"), ), CredentialLibrary: &store.CredentialLibrary{ @@ -1357,9 +1357,9 @@ func TestRepository_LookupCredentialLibrary(t *testing.T) { }, }, { - name: "valid-user-password-credential-type-with-username-and-password-override", + name: "valid-username-password-credential-type-with-username-and-password-override", in: &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverrideUsernameAttribute("utest"), WithOverridePasswordAttribute("ptest"), ), 
@@ -1398,8 +1398,8 @@ func TestRepository_LookupCredentialLibrary(t *testing.T) { require.NotNil(got.MappingOverride) assert.IsType(orig.MappingOverride, got.MappingOverride) switch w := orig.MappingOverride.(type) { - case *UserPasswordOverride: - g, ok := got.MappingOverride.(*UserPasswordOverride) + case *UsernamePasswordOverride: + g, ok := got.MappingOverride.(*UsernamePasswordOverride) require.True(ok) assert.Equal(w.UsernameAttribute, g.UsernameAttribute) assert.Equal(w.PasswordAttribute, g.PasswordAttribute) @@ -1519,7 +1519,7 @@ func TestRepository_DeleteCredentialLibrary(t *testing.T) { _, prj := iam.TestScopes(t, iam.TestRepo(t, conn, wrapper)) cs := TestCredentialStores(t, conn, wrapper, prj.GetPublicId(), 1)[0] lib := &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverrideUsernameAttribute("orig-username"), WithOverridePasswordAttribute("orig-password"), ), @@ -1563,7 +1563,7 @@ func TestRepository_ListCredentialLibraries(t *testing.T) { _, prj := iam.TestScopes(t, iam.TestRepo(t, conn, wrapper)) cs := TestCredentialStores(t, conn, wrapper, prj.GetPublicId(), 2)[0] lib := &CredentialLibrary{ - MappingOverride: NewUserPasswordOverride( + MappingOverride: NewUsernamePasswordOverride( WithOverrideUsernameAttribute("orig-username"), WithOverridePasswordAttribute("orig-password"), ), diff --git a/internal/credential/vault/repository_credentials_test.go b/internal/credential/vault/repository_credentials_test.go index 2fa094eb66..a86a6b0686 100644 --- a/internal/credential/vault/repository_credentials_test.go +++ b/internal/credential/vault/repository_credentials_test.go 
@@ -45,7 +45,7 @@ func TestRepository_IssueCredentials(t *testing.T) { _, token := v.CreateToken(t, vault.WithPolicies([]string{"default", "boundary-controller", "database", "pki", "secret"})) - // Create valid user password KV secret + // Create valid username password KV secret v.CreateKVSecret(t, "my-secret", []byte(`{"data":{"username":"user","password":"pass"}}`)) var opts []vault.Option @@ -142,7 +142,7 @@ func TestRepository_IssueCredentials(t *testing.T) { libPath := path.Join("database", "creds", "opened") opts := []vault.Option{ vault.WithCredentialType(credential.UsernamePasswordType), - vault.WithMappingOverride(vault.NewUserPasswordOverride( + vault.WithMappingOverride(vault.NewUsernamePasswordOverride( vault.WithOverrideUsernameAttribute("test-username"), vault.WithOverridePasswordAttribute("test-password"), )), @@ -332,10 +332,10 @@ func TestRepository_IssueCredentials(t *testing.T) { assert.NotEmpty(upc.Password()) break } - assert.Fail("want UserPassword credential from library with credential type UsernamePassword") + assert.Fail("want UsernamePassword credential from library with credential type UsernamePassword") case credential.UnspecifiedType: if _, ok := dc.(credential.UsernamePassword); ok { - assert.Fail("do not want UserPassword credential from library with credential type Unspecified") + assert.Fail("do not want UsernamePassword credential from library with credential type Unspecified") } } } diff --git a/internal/credential/vault/store/vault.pb.go b/internal/credential/vault/store/vault.pb.go index 3ce20459e5..d542718820 100644 --- a/internal/credential/vault/store/vault.pb.go +++ b/internal/credential/vault/store/vault.pb.go @@ -787,7 +787,7 @@ func (x *Credential) GetStatus() string { return "" } -type UserPasswordOverride struct { +type UsernamePasswordOverride struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields 
@@ -815,8 +815,8 @@ type UserPasswordOverride struct { PasswordAttribute string `protobuf:"bytes,3,opt,name=password_attribute,json=passwordAttribute,proto3" json:"password_attribute,omitempty" gorm:"default:null"` } -func (x *UserPasswordOverride) Reset() { - *x = UserPasswordOverride{} +func (x *UsernamePasswordOverride) Reset() { + *x = UsernamePasswordOverride{} if protoimpl.UnsafeEnabled { mi := &file_controller_storage_credential_vault_store_v1_vault_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -824,13 +824,13 @@ func (x *UserPasswordOverride) Reset() { } } -func (x *UserPasswordOverride) String() string { +func (x *UsernamePasswordOverride) String() string { return protoimpl.X.MessageStringOf(x) } -func (*UserPasswordOverride) ProtoMessage() {} +func (*UsernamePasswordOverride) ProtoMessage() {} -func (x *UserPasswordOverride) ProtoReflect() protoreflect.Message { +func (x *UsernamePasswordOverride) ProtoReflect() protoreflect.Message { mi := &file_controller_storage_credential_vault_store_v1_vault_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 
@@ -842,26 +842,26 @@ func (x *UserPasswordOverride) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use UserPasswordOverride.ProtoReflect.Descriptor instead. -func (*UserPasswordOverride) Descriptor() ([]byte, []int) { +// Deprecated: Use UsernamePasswordOverride.ProtoReflect.Descriptor instead. +func (*UsernamePasswordOverride) Descriptor() ([]byte, []int) { return file_controller_storage_credential_vault_store_v1_vault_proto_rawDescGZIP(), []int{5} } -func (x *UserPasswordOverride) GetLibraryId() string { +func (x *UsernamePasswordOverride) GetLibraryId() string { if x != nil { return x.LibraryId } return "" } -func (x *UserPasswordOverride) GetUsernameAttribute() string { +func (x *UsernamePasswordOverride) GetUsernameAttribute() string { if x != nil { return x.UsernameAttribute } return "" } -func (x *UserPasswordOverride) GetPasswordAttribute() string { +func (x *UsernamePasswordOverride) GetPasswordAttribute() string { if x != nil { return x.PasswordAttribute } 
@@ -1065,21 +1065,22 @@ var file_controller_storage_credential_vault_store_v1_vault_proto_rawDesc = []by 0x0c, 0x69, 0x73, 0x5f, 0x72, 0x65, 0x6e, 0x65, 0x77, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x73, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x93, 0x01, 0x0a, 0x14, 0x55, 0x73, 0x65, - 0x72, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, - 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x5f, 0x69, 0x64, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x49, 0x64, - 0x12, 0x2d, 0x0a, 0x12, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x61, 0x74, 0x74, - 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x75, 0x73, - 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, - 0x2d, 0x0a, 0x12, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x5f, 0x61, 0x74, 0x74, 0x72, - 0x69, 0x62, 0x75, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x70, 0x61, 0x73, - 0x73, 0x77, 0x6f, 0x72, 0x64, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x42, 0x45, - 0x5a, 0x43, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x2f, - 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, - 0x69, 0x61, 0x6c, 0x2f, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x2f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3b, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x97, 0x01, 0x0a, 0x18, 0x55, 0x73, 0x65, + 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x73, 0x73, 
0x77, 0x6f, 0x72, 0x64, 0x4f, 0x76, 0x65, + 0x72, 0x72, 0x69, 0x64, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, + 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6c, 0x69, 0x62, 0x72, 0x61, + 0x72, 0x79, 0x49, 0x64, 0x12, 0x2d, 0x0a, 0x12, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, + 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x11, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, + 0x75, 0x74, 0x65, 0x12, 0x2d, 0x0a, 0x12, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x5f, + 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x11, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, + 0x74, 0x65, 0x42, 0x45, 0x5a, 0x43, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, + 0x61, 0x72, 0x79, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x63, 0x72, 0x65, + 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x2f, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x2f, 0x73, 0x74, + 0x6f, 0x72, 0x65, 0x3b, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } var ( 
@@ -1096,13 +1097,13 @@ func file_controller_storage_credential_vault_store_v1_vault_proto_rawDescGZIP() var file_controller_storage_credential_vault_store_v1_vault_proto_msgTypes = make([]protoimpl.MessageInfo, 6) var file_controller_storage_credential_vault_store_v1_vault_proto_goTypes = []interface{}{ - (*CredentialStore)(nil), // 0: controller.storage.credential.vault.store.v1.CredentialStore - (*Token)(nil), // 1: controller.storage.credential.vault.store.v1.Token - (*ClientCertificate)(nil), // 2: controller.storage.credential.vault.store.v1.ClientCertificate - (*CredentialLibrary)(nil), // 3: controller.storage.credential.vault.store.v1.CredentialLibrary - (*Credential)(nil), // 4: controller.storage.credential.vault.store.v1.Credential - (*UserPasswordOverride)(nil), // 5: controller.storage.credential.vault.store.v1.UserPasswordOverride - (*timestamp.Timestamp)(nil), // 6: controller.storage.timestamp.v1.Timestamp + (*CredentialStore)(nil), // 0: controller.storage.credential.vault.store.v1.CredentialStore + (*Token)(nil), // 1: controller.storage.credential.vault.store.v1.Token + (*ClientCertificate)(nil), // 2: controller.storage.credential.vault.store.v1.ClientCertificate + (*CredentialLibrary)(nil), // 3: controller.storage.credential.vault.store.v1.CredentialLibrary + (*Credential)(nil), // 4: controller.storage.credential.vault.store.v1.Credential + (*UsernamePasswordOverride)(nil), // 5: controller.storage.credential.vault.store.v1.UsernamePasswordOverride + (*timestamp.Timestamp)(nil), // 6: controller.storage.timestamp.v1.Timestamp } var file_controller_storage_credential_vault_store_v1_vault_proto_depIdxs = []int32{ 6, // 0: controller.storage.credential.vault.store.v1.CredentialStore.create_time:type_name -> controller.storage.timestamp.v1.Timestamp 
@@ -1192,7 +1193,7 @@ func file_controller_storage_credential_vault_store_v1_vault_proto_init() { } } file_controller_storage_credential_vault_store_v1_vault_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserPasswordOverride); i { + switch v := v.(*UsernamePasswordOverride); i { case 0: return &v.state case 1: diff --git a/internal/daemon/cluster/handlers/worker_service_test.go b/internal/daemon/cluster/handlers/worker_service_test.go index c5357b7168..e39d685be4 100644 --- a/internal/daemon/cluster/handlers/worker_service_test.go +++ b/internal/daemon/cluster/handlers/worker_service_test.go @@ -74,16 +74,16 @@ func TestLookupSession(t *testing.T) { creds := []*pbs.Credential{ { - Credential: &pbs.Credential_UserPassword{ - UserPassword: &pbs.UserPassword{ + Credential: &pbs.Credential_UsernamePassword{ + UsernamePassword: &pbs.UsernamePassword{ Username: "username", Password: "password", }, }, }, { - Credential: &pbs.Credential_UserPassword{ - UserPassword: &pbs.UserPassword{ + Credential: &pbs.Credential_UsernamePassword{ + UsernamePassword: &pbs.UsernamePassword{ Username: "another-username", Password: "a different password", }, @@ -167,7 +167,7 @@ func TestLookupSession(t *testing.T) { cmp.Diff( tc.want, got, - cmpopts.IgnoreUnexported(pbs.LookupSessionResponse{}, pbs.Credential{}, pbs.UserPassword{}), + cmpopts.IgnoreUnexported(pbs.LookupSessionResponse{}, pbs.Credential{}, pbs.UsernamePassword{}), cmpopts.IgnoreFields(pbs.LookupSessionResponse{}, "Expiration", "Authorization"), ), ) diff --git a/internal/daemon/controller/handlers/credentiallibraries/credentiallibrary_service.go b/internal/daemon/controller/handlers/credentiallibraries/credentiallibrary_service.go index c3f00856f2..d697dc0df4 100644 --- a/internal/daemon/controller/handlers/credentiallibraries/credentiallibrary_service.go +++ b/internal/daemon/controller/handlers/credentiallibraries/credentiallibrary_service.go 
@@ -524,7 +524,7 @@ func toProto(in credential.Library, opt ...handlers.Option) (*pb.CredentialLibra if outputFields.Has(globals.CredentialMappingOverridesField) && vaultIn.MappingOverride != nil { m := make(map[string]interface{}) switch mapping := vaultIn.MappingOverride.(type) { - case *vault.UserPasswordOverride: + case *vault.UsernamePasswordOverride: if mapping.UsernameAttribute != "" { m[usernameAttribute] = mapping.UsernameAttribute } @@ -590,7 +590,7 @@ func toStorageVaultLibrary(storeId string, in *pb.CredentialLibrary) (out *vault mapOpts = append(mapOpts, vault.WithOverridePasswordAttribute(password.(string))) } if len(mapOpts) > 0 { - opts = append(opts, vault.WithMappingOverride(vault.NewUserPasswordOverride(mapOpts...))) + opts = append(opts, vault.WithMappingOverride(vault.NewUsernamePasswordOverride(mapOpts...))) } } @@ -736,7 +736,7 @@ func getMappingUpdates(credentialType credential.Type, current vault.MappingOver switch credentialType { case credential.UsernamePasswordType: var currentUser, currentPass interface{} - if overrides, ok := current.(*vault.UserPasswordOverride); ok { + if overrides, ok := current.(*vault.UsernamePasswordOverride); ok { currentUser = overrides.UsernameAttribute currentPass = overrides.PasswordAttribute } diff --git a/internal/daemon/controller/handlers/credentiallibraries/credentiallibrary_service_test.go b/internal/daemon/controller/handlers/credentiallibraries/credentiallibrary_service_test.go index 6209941ed8..e2930f7fbc 100644 --- a/internal/daemon/controller/handlers/credentiallibraries/credentiallibrary_service_test.go +++ b/internal/daemon/controller/handlers/credentiallibraries/credentiallibrary_service_test.go 
@@ -609,7 +609,7 @@ func TestGet(t *testing.T) { lib, err := vault.NewCredentialLibrary(store.GetPublicId(), "vault/path", vault.WithCredentialType("username_password"), vault.WithMappingOverride( - vault.NewUserPasswordOverride( + vault.NewUsernamePasswordOverride( vault.WithOverrideUsernameAttribute("user"), vault.WithOverridePasswordAttribute("pass"), ))) @@ -646,7 +646,7 @@ func TestGet(t *testing.T) { }, }, { - name: "success-userpassword", + name: "success-UsernamePassword", id: userPassLib.GetPublicId(), res: &pbs.GetCredentialLibraryResponse{ Item: &pb.CredentialLibrary{ @@ -901,11 +901,11 @@ func TestUpdate(t *testing.T) { }, }, { - name: "user-password-attributes-change-username-attribute", + name: "username-password-attributes-change-username-attribute", opts: []vault.Option{ vault.WithCredentialType("username_password"), vault.WithMappingOverride( - vault.NewUserPasswordOverride( + vault.NewUsernamePasswordOverride( vault.WithOverrideUsernameAttribute("orig-user"), vault.WithOverridePasswordAttribute("orig-pass"), )), @@ -930,11 +930,11 @@ func TestUpdate(t *testing.T) { }, }, { - name: "user-password-attributes-change-password-attribute", + name: "username-password-attributes-change-password-attribute", opts: []vault.Option{ vault.WithCredentialType("username_password"), vault.WithMappingOverride( - vault.NewUserPasswordOverride( + vault.NewUsernamePasswordOverride( vault.WithOverrideUsernameAttribute("orig-user"), vault.WithOverridePasswordAttribute("orig-pass"), )), @@ -959,11 +959,11 @@ func TestUpdate(t *testing.T) { }, }, { - name: "user-password-attributes-change-username-and-password-attributes", + name: "username-password-attributes-change-username-and-password-attributes", opts: []vault.Option{ vault.WithCredentialType("username_password"), vault.WithMappingOverride( - vault.NewUserPasswordOverride( + vault.NewUsernamePasswordOverride( vault.WithOverrideUsernameAttribute("orig-user"), vault.WithOverridePasswordAttribute("orig-pass"), )), 
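Review bot: The subtest name `success-UsernamePassword` breaks the lower-case kebab style of the neighbouring names in this file, such as `username-password-attributes-change-username-attribute`. It reads like a search-and-replace artefact of the original `success-userpassword`. The same applies to `vault-UsernamePassword-with-mapping` and `static-UsernamePassword` in target_service_test.go, which sit next to `vault-usernamepassword`. Suggest `name: "success-username-password",` here and matching lower-case forms there, so `go test -run` filters stay predictable.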
@@ -1021,11 +1021,11 @@ func TestUpdate(t *testing.T) { }, }, { - name: "user-password-attributes-delete-mapping-override", + name: "username-password-attributes-delete-mapping-override", opts: []vault.Option{ vault.WithCredentialType("username_password"), vault.WithMappingOverride( - vault.NewUserPasswordOverride( + vault.NewUsernamePasswordOverride( vault.WithOverrideUsernameAttribute("orig-user"), vault.WithOverridePasswordAttribute("orig-pass"), )), @@ -1060,11 +1060,11 @@ func TestUpdate(t *testing.T) { }, }, { - name: "user-password-attributes-delete-mapping-override-field-specific", + name: "username-password-attributes-delete-mapping-override-field-specific", opts: []vault.Option{ vault.WithCredentialType("username_password"), vault.WithMappingOverride( - vault.NewUserPasswordOverride( + vault.NewUsernamePasswordOverride( vault.WithOverrideUsernameAttribute("orig-user"), vault.WithOverridePasswordAttribute("orig-pass"), )), diff --git a/internal/daemon/controller/handlers/targets/credentials.go b/internal/daemon/controller/handlers/targets/credentials.go index 23c46f3371..11acc2be69 100644 --- a/internal/daemon/controller/handlers/targets/credentials.go +++ b/internal/daemon/controller/handlers/targets/credentials.go @@ -26,8 +26,8 @@ func dynamicToWorkerCredential(ctx context.Context, cred credential.Dynamic) (se switch c := cred.(type) { case credential.UsernamePassword: workerCred = &serverpb.Credential{ - Credential: &serverpb.Credential_UserPassword{ - UserPassword: &serverpb.UserPassword{ + Credential: &serverpb.Credential_UsernamePassword{ + UsernamePassword: &serverpb.UsernamePassword{ Username: c.Username(), Password: string(c.Password()), }, 
@@ -81,7 +81,7 @@ func dynamicToSessionCredential(ctx context.Context, cred credential.Dynamic) (* switch c := cred.(type) { case credential.UsernamePassword: credData, err = handlers.ProtoToStruct( - &pb.UserPasswordCredential{ + &pb.UsernamePasswordCredential{ Username: c.Username(), Password: string(c.Password()), }, @@ -120,8 +120,8 @@ func staticToWorkerCredential(ctx context.Context, cred credential.Static) (sess switch c := cred.(type) { case *credstatic.UsernamePasswordCredential: workerCred = &serverpb.Credential{ - Credential: &serverpb.Credential_UserPassword{ - UserPassword: &serverpb.UserPassword{ + Credential: &serverpb.Credential_UsernamePassword{ + UsernamePassword: &serverpb.UsernamePassword{ Username: c.GetUsername(), Password: string(c.GetPassword()), }, @@ -150,7 +150,7 @@ func staticToSessionCredential(ctx context.Context, cred credential.Static) (*pb var err error credType = string(credential.UsernamePasswordType) credData, err = handlers.ProtoToStruct( - &pb.UserPasswordCredential{ + &pb.UsernamePasswordCredential{ Username: c.GetUsername(), Password: string(c.GetPassword()), }, diff --git a/internal/daemon/controller/handlers/targets/tcp/target_service_test.go b/internal/daemon/controller/handlers/targets/tcp/target_service_test.go index d2a8185ab0..20d2a3c80c 100644 --- a/internal/daemon/controller/handlers/targets/tcp/target_service_test.go +++ b/internal/daemon/controller/handlers/targets/tcp/target_service_test.go 
@@ -2684,10 +2684,10 @@ func TestAuthorizeSessionTypedCredentials(t *testing.T) { defaultUserPass := v.CreateKVSecret(t, "default-userpass", []byte(`{"data": {"username": "my-user", "password": "my-pass"}}`)) require.NotNil(t, defaultUserPass) - clsRespUserPassword, err := credLibService.CreateCredentialLibrary(ctx, &pbs.CreateCredentialLibraryRequest{Item: &credlibpb.CredentialLibrary{ + clsRespUsernamePassword, err := credLibService.CreateCredentialLibrary(ctx, &pbs.CreateCredentialLibraryRequest{Item: &credlibpb.CredentialLibrary{ CredentialStoreId: vaultStore.GetPublicId(), - Name: wrapperspb.String("Userpassword Library"), - Description: wrapperspb.String("Userpassword Library Description"), + Name: wrapperspb.String("Usernamepassword Library"), + Description: wrapperspb.String("Usernamepassword Library Description"), Attrs: &credlibpb.CredentialLibrary_VaultCredentialLibraryAttributes{ VaultCredentialLibraryAttributes: &credlibpb.VaultCredentialLibraryAttributes{ Path: wrapperspb.String(path.Join("secret", "data", "default-userpass")), 
@@ -2715,10 +2715,10 @@ func TestAuthorizeSessionTypedCredentials(t *testing.T) { nonDefaultUserPass := v.CreateKVSecret(t, "non-default-userpass", []byte(`{"data": {"non-default-user": "my-user", "non-default-pass": "my-pass"}}`)) require.NotNil(t, nonDefaultUserPass) - clsRespUserPasswordWithMapping, err := credLibService.CreateCredentialLibrary(ctx, &pbs.CreateCredentialLibraryRequest{Item: &credlibpb.CredentialLibrary{ + clsRespUsernamePasswordWithMapping, err := credLibService.CreateCredentialLibrary(ctx, &pbs.CreateCredentialLibraryRequest{Item: &credlibpb.CredentialLibrary{ CredentialStoreId: vaultStore.GetPublicId(), - Name: wrapperspb.String("Userpassword Mapping Library"), - Description: wrapperspb.String("Userpassword Mapping Library Description"), + Name: wrapperspb.String("Usernamepassword Mapping Library"), + Description: wrapperspb.String("Usernamepassword Mapping Library Description"), Attrs: &credlibpb.CredentialLibrary_VaultCredentialLibraryAttributes{ VaultCredentialLibraryAttributes: &credlibpb.VaultCredentialLibraryAttributes{ Path: wrapperspb.String(path.Join("secret", "data", "non-default-userpass")), 
@@ -2776,16 +2776,16 @@ func TestAuthorizeSessionTypedCredentials(t *testing.T) { }, }, { - name: "vault-userpassword", + name: "vault-usernamepassword", hostSourceId: shs.GetPublicId(), - credSourceId: clsRespUserPassword.GetItem().GetId(), + credSourceId: clsRespUsernamePassword.GetItem().GetId(), wantedHostId: h.GetPublicId(), wantedEndpoint: h.GetAddress(), wantedCred: &pb.SessionCredential{ CredentialSource: &pb.CredentialSource{ - Id: clsRespUserPassword.GetItem().GetId(), - Name: clsRespUserPassword.GetItem().GetName().GetValue(), - Description: clsRespUserPassword.GetItem().GetDescription().GetValue(), + Id: clsRespUsernamePassword.GetItem().GetId(), + Name: clsRespUsernamePassword.GetItem().GetName().GetValue(), + Description: clsRespUsernamePassword.GetItem().GetDescription().GetValue(), CredentialStoreId: vaultStore.GetPublicId(), Type: vault.Subtype.String(), CredentialType: string(credential.UsernamePasswordType), @@ -2802,16 +2802,16 @@ func TestAuthorizeSessionTypedCredentials(t *testing.T) { }, }, { - name: "vault-userpassword-with-mapping", + name: "vault-UsernamePassword-with-mapping", hostSourceId: shs.GetPublicId(), - credSourceId: clsRespUserPasswordWithMapping.GetItem().GetId(), + credSourceId: clsRespUsernamePasswordWithMapping.GetItem().GetId(), wantedHostId: h.GetPublicId(), wantedEndpoint: h.GetAddress(), wantedCred: &pb.SessionCredential{ CredentialSource: &pb.CredentialSource{ - Id: clsRespUserPasswordWithMapping.GetItem().GetId(), - Name: clsRespUserPasswordWithMapping.GetItem().GetName().GetValue(), - Description: clsRespUserPasswordWithMapping.GetItem().GetDescription().GetValue(), + Id: clsRespUsernamePasswordWithMapping.GetItem().GetId(), + Name: clsRespUsernamePasswordWithMapping.GetItem().GetName().GetValue(), + Description: clsRespUsernamePasswordWithMapping.GetItem().GetDescription().GetValue(), CredentialStoreId: vaultStore.GetPublicId(), Type: vault.Subtype.String(), CredentialType: string(credential.UsernamePasswordType), 
@@ -2828,7 +2828,7 @@ func TestAuthorizeSessionTypedCredentials(t *testing.T) { }, }, { - name: "static-userpassword", + name: "static-UsernamePassword", hostSourceId: shs.GetPublicId(), credSourceId: credResp.GetItem().GetId(), wantedHostId: h.GetPublicId(), diff --git a/internal/daemon/worker/proxy/options_test.go b/internal/daemon/worker/proxy/options_test.go index b2fdcf4640..335f16b706 100644 --- a/internal/daemon/worker/proxy/options_test.go +++ b/internal/daemon/worker/proxy/options_test.go @@ -13,8 +13,8 @@ func Test_GetOpts(t *testing.T) { t.Run("WithEgressCredentials", func(t *testing.T) { assert := assert.New(t) c := &serverpb.Credential{ - Credential: &serverpb.Credential_UserPassword{ - UserPassword: &serverpb.UserPassword{ + Credential: &serverpb.Credential_UsernamePassword{ + UsernamePassword: &serverpb.UsernamePassword{ Username: "user", Password: "pass", }, diff --git a/internal/db/schema/migrations/oss/postgres/22/04_vault_library_map_user_password.up.sql b/internal/db/schema/migrations/oss/postgres/22/04_vault_library_map_user_password.up.sql index d5b8b5f450..29e9c7435f 100644 --- a/internal/db/schema/migrations/oss/postgres/22/04_vault_library_map_user_password.up.sql +++ b/internal/db/schema/migrations/oss/postgres/22/04_vault_library_map_user_password.up.sql @@ -1,5 +1,6 @@ begin; +-- Updated in 35/01_vault_library_map_username_password.up.sql create table credential_vault_library_user_password_mapping_override ( library_id wt_public_id primary key constraint credential_vault_library_fkey diff --git a/internal/db/schema/migrations/oss/postgres/22/05_vault_private_library.up.sql b/internal/db/schema/migrations/oss/postgres/22/05_vault_private_library.up.sql index b0964bbf80..a4be242925 100644 --- a/internal/db/schema/migrations/oss/postgres/22/05_vault_private_library.up.sql +++ b/internal/db/schema/migrations/oss/postgres/22/05_vault_private_library.up.sql 
@@ -1,5 +1,6 @@ begin; +-- Updated in 35/02_vault_private_library.up.sql -- Replaces view from 10/04_vault_credential.up.sql drop view credential_vault_library_private; diff --git a/internal/db/schema/migrations/oss/postgres/35/01_vault_library_map_username_password.up.sql b/internal/db/schema/migrations/oss/postgres/35/01_vault_library_map_username_password.up.sql new file mode 100644 index 0000000000..e5e55b26cf --- /dev/null +++ b/internal/db/schema/migrations/oss/postgres/35/01_vault_library_map_username_password.up.sql @@ -0,0 +1,12 @@ +begin; + +-- Renames table from 22/04_vault_library_map_user_password.up.sql + alter table credential_vault_library_user_password_mapping_override + rename to credential_vault_library_username_password_mapping_override; + comment on table credential_vault_library_username_password_mapping_override is + 'credential_vault_library_username_password_mapping_override is a table ' + 'where each row represents a mapping that overrides the default mapping ' + 'from a generic vault secret to a username password credential type ' + 'for a vault credential library.'; + +commit; diff --git a/internal/db/schema/migrations/oss/postgres/35/02_vault_private_library.up.sql b/internal/db/schema/migrations/oss/postgres/35/02_vault_private_library.up.sql new file mode 100644 index 0000000000..8403cdd886 --- /dev/null +++ b/internal/db/schema/migrations/oss/postgres/35/02_vault_private_library.up.sql 
@@ -0,0 +1,69 @@ +begin; + +-- Replaces view from 22/05_vault_private_library.up.sql + drop view credential_vault_library_public; + drop view credential_vault_library_private; + + create view credential_vault_library_private as + with + password_override (library_id, username_attribute, password_attribute) as ( + select library_id, + nullif(username_attribute, wt_to_sentinel('no override')), + nullif(password_attribute, wt_to_sentinel('no override')) + from credential_vault_library_username_password_mapping_override + ) + select library.public_id as public_id, + library.store_id as store_id, + library.name as name, + library.description as description, + library.create_time as create_time, + library.update_time as update_time, + library.version as version, + library.vault_path as vault_path, + library.http_method as http_method, + library.http_request_body as http_request_body, + library.credential_type as credential_type, + store.scope_id as scope_id, + store.vault_address as vault_address, + store.namespace as namespace, + store.ca_cert as ca_cert, + store.tls_server_name as tls_server_name, + store.tls_skip_verify as tls_skip_verify, + store.token_hmac as token_hmac, + store.ct_token as ct_token, -- encrypted + store.token_key_id as token_key_id, + store.client_cert as client_cert, + store.ct_client_key as ct_client_key, -- encrypted + store.client_key_id as client_key_id, + upasso.username_attribute as username_attribute, + upasso.password_attribute as password_attribute + from credential_vault_library library + join credential_vault_store_private store + on library.store_id = store.public_id + left join password_override upasso + on library.public_id = upasso.library_id + and store.token_status = 'current'; + comment on view credential_vault_library_private is + 'credential_vault_library_private is a view where each row contains a credential library and the credential library''s data needed to connect to Vault. ' + 'Each row may contain encrypted data. 
This view should not be used to retrieve data which will be returned external to boundary.'; + + create view credential_vault_library_public as + select public_id, + store_id, + name, + description, + create_time, + update_time, + version, + vault_path, + http_method, + http_request_body, + credential_type, + username_attribute, + password_attribute + from credential_vault_library_private; + comment on view credential_vault_library_public is + 'credential_vault_library_public is a view where each row contains a credential library and any of library''s credential mapping overrides. ' + 'No encrypted data is returned. This view can be used to retrieve data which will be returned external to boundary.'; + +commit; diff --git a/internal/db/sqltest/initdb.d/03_widgets_persona.sql b/internal/db/sqltest/initdb.d/03_widgets_persona.sql index cbd970038b..e5ebbc7c26 100644 --- a/internal/db/sqltest/initdb.d/03_widgets_persona.sql +++ b/internal/db/sqltest/initdb.d/03_widgets_persona.sql 
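Review bot: In the recreated `credential_vault_library_private` view, the predicate `and store.token_status = 'current'` sits in the ON clause of `left join password_override upasso`, not on the join to `credential_vault_store_private`. There it cannot remove any library/store row; it only decides whether the override columns are populated. A row joined to a store entry whose token is not current would therefore still be returned, carrying `ct_token` and null `username_attribute`/`password_attribute`. If the intent is to expose only the current token, move the predicate up: `join credential_vault_store_private store on library.store_id = store.public_id and store.token_status = 'current'`. The migration says it replaces the 22/05 view, so the placement may be inherited, and whether `credential_vault_store_private` can yield non-current rows is not visible in this diff, so confirm against its definition.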
@@ -352,22 +352,22 @@ begin; ('vs_______wvs', 'vl______wvl6', 'widget vault kv four', 'None', '/secrets/kv/four', 'GET', 'username_password'), ('vs_______wvs', 'vl______wvl7', 'widget vault kv five', 'None', '/secrets/kv/five', 'GET', 'username_password'); - insert into credential_vault_library_user_password_mapping_override + insert into credential_vault_library_username_password_mapping_override (library_id) values ('vl______wvl4'); - insert into credential_vault_library_user_password_mapping_override + insert into credential_vault_library_username_password_mapping_override (library_id, username_attribute) values ('vl______wvl5', 'my_username'); - insert into credential_vault_library_user_password_mapping_override + insert into credential_vault_library_username_password_mapping_override (library_id, password_attribute) values ('vl______wvl6', 'my_password'); - insert into credential_vault_library_user_password_mapping_override + insert into credential_vault_library_username_password_mapping_override (library_id, username_attribute, password_attribute) values ('vl______wvl7', 'my_username', 'my_password'); diff --git a/internal/db/sqltest/tests/credential/vault/credential_vault_library_user_password_mapping_override.sql b/internal/db/sqltest/tests/credential/vault/credential_vault_library_username_password_mapping_override.sql similarity index 73% rename from internal/db/sqltest/tests/credential/vault/credential_vault_library_user_password_mapping_override.sql rename to internal/db/sqltest/tests/credential/vault/credential_vault_library_username_password_mapping_override.sql index febb377744..5a3dced2e2 100644 --- a/internal/db/sqltest/tests/credential/vault/credential_vault_library_user_password_mapping_override.sql +++ b/internal/db/sqltest/tests/credential/vault/credential_vault_library_username_password_mapping_override.sql 
@@ -1,4 +1,4 @@ --- credential_vault_library_user_password_mapping_override tests: +-- credential_vault_library_username_password_mapping_override tests: -- the following triggers -- insert_credential_vault_library_mapping_override_subtype -- delete_credential_vault_library_mapping_override_subtype @@ -9,7 +9,7 @@ begin; -- validate the setup data select is(count(*), 4::bigint) - from credential_vault_library_user_password_mapping_override + from credential_vault_library_username_password_mapping_override where library_id in ('vl______wvl4', 'vl______wvl5', 'vl______wvl6', 'vl______wvl7'); select is(count(*), 4::bigint) 
@@ -34,27 +34,27 @@ begin; ); -- validate the insert triggers - select is(count(*), 0::bigint) from credential_vault_library_user_password_mapping_override where library_id = 'vl______wvl3'; + select is(count(*), 0::bigint) from credential_vault_library_username_password_mapping_override where library_id = 'vl______wvl3'; select is(count(*), 0::bigint) from credential_vault_library_mapping_override where library_id = 'vl______wvl3'; - prepare insert_credential_vault_library_user_password_mapping_override as - insert into credential_vault_library_user_password_mapping_override + prepare insert_credential_vault_library_username_password_mapping_override as + insert into credential_vault_library_username_password_mapping_override (library_id, username_attribute, password_attribute) values ('vl______wvl3', 'my_username', 'my_password'); - select lives_ok('insert_credential_vault_library_user_password_mapping_override'); + select lives_ok('insert_credential_vault_library_username_password_mapping_override'); - select is(count(*), 1::bigint) from credential_vault_library_user_password_mapping_override where library_id = 'vl______wvl3'; + select is(count(*), 1::bigint) from credential_vault_library_username_password_mapping_override where library_id = 'vl______wvl3'; select is(count(*), 1::bigint) from credential_vault_library_mapping_override where library_id = 'vl______wvl3'; -- validate the delete triggers - prepare delete_credential_vault_library_user_password_mapping_override as + prepare delete_credential_vault_library_username_password_mapping_override as delete - from credential_vault_library_user_password_mapping_override + from credential_vault_library_username_password_mapping_override where library_id = 'vl______wvl3'; - select lives_ok('delete_credential_vault_library_user_password_mapping_override'); + select lives_ok('delete_credential_vault_library_username_password_mapping_override'); - select is(count(*), 0::bigint) from 
credential_vault_library_user_password_mapping_override where library_id = 'vl______wvl3'; + select is(count(*), 0::bigint) from credential_vault_library_username_password_mapping_override where library_id = 'vl______wvl3'; select is(count(*), 0::bigint) from credential_vault_library_mapping_override where library_id = 'vl______wvl3'; select * from finish(); diff --git a/internal/gen/controller/servers/services/credential.pb.go b/internal/gen/controller/servers/services/credential.pb.go index 240688bfec..b2777c18cc 100644 --- a/internal/gen/controller/servers/services/credential.pb.go +++ b/internal/gen/controller/servers/services/credential.pb.go @@ -26,7 +26,7 @@ type Credential struct { unknownFields protoimpl.UnknownFields // Types that are assignable to Credential: - // *Credential_UserPassword + // *Credential_UsernamePassword Credential isCredential_Credential `protobuf_oneof:"credential"` } @@ -69,9 +69,9 @@ func (m *Credential) GetCredential() isCredential_Credential { return nil } -func (x *Credential) GetUserPassword() *UserPassword { - if x, ok := x.GetCredential().(*Credential_UserPassword); ok { - return x.UserPassword +func (x *Credential) GetUsernamePassword() *UsernamePassword { + if x, ok := x.GetCredential().(*Credential_UsernamePassword); ok { + return x.UsernamePassword } return nil } 
@@ -80,14 +80,14 @@ type isCredential_Credential interface { isCredential_Credential() } -type Credential_UserPassword struct { - UserPassword *UserPassword `protobuf:"bytes,1,opt,name=user_password,json=userPassword,proto3,oneof"` +type Credential_UsernamePassword struct { + UsernamePassword *UsernamePassword `protobuf:"bytes,2,opt,name=username_password,json=usernamePassword,proto3,oneof"` } -func (*Credential_UserPassword) isCredential_Credential() {} +func (*Credential_UsernamePassword) isCredential_Credential() {} -// UserPassword is a credential containing a username and a password. -type UserPassword struct { +// UsernamePassword is a credential containing a username and a password. +type UsernamePassword struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields @@ -98,8 +98,8 @@ type UserPassword struct { Password string `protobuf:"bytes,20,opt,name=password,proto3" json:"password,omitempty"` // @gotags: `class:"secret"` } -func (x *UserPassword) Reset() { - *x = UserPassword{} +func (x *UsernamePassword) Reset() { + *x = UsernamePassword{} if protoimpl.UnsafeEnabled { mi := &file_controller_servers_services_v1_credential_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -107,13 +107,13 @@ func (x *UserPassword) Reset() { } } -func (x *UserPassword) String() string { +func (x *UsernamePassword) String() string { return protoimpl.X.MessageStringOf(x) } -func (*UserPassword) ProtoMessage() {} +func (*UsernamePassword) ProtoMessage() {} -func (x *UserPassword) ProtoReflect() protoreflect.Message { +func (x *UsernamePassword) ProtoReflect() protoreflect.Message { mi := &file_controller_servers_services_v1_credential_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 
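Review bot: The `Credential_UsernamePassword` struct tag changes the oneof field number as well as the name: `protobuf:"bytes,1,opt,name=user_password,...` becomes `protobuf:"bytes,2,opt,name=username_password,...`. A pure rename keeps the number. With the number changed, a peer built from the old schema treats field 2 as unknown and sees no credential set. Nothing here shows field 1 being marked `reserved` in the .proto source, which is outside this view. If mixed-version controller/worker operation matters, keep number 1 for the renamed field, or reserve 1 and call out the break in the changelog; this file is generated, so the change belongs in the .proto definition.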
@@ -125,19 +125,19 @@ func (x *UserPassword) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use UserPassword.ProtoReflect.Descriptor instead. -func (*UserPassword) Descriptor() ([]byte, []int) { +// Deprecated: Use UsernamePassword.ProtoReflect.Descriptor instead. +func (*UsernamePassword) Descriptor() ([]byte, []int) { return file_controller_servers_services_v1_credential_proto_rawDescGZIP(), []int{1} } -func (x *UserPassword) GetUsername() string { +func (x *UsernamePassword) GetUsername() string { if x != nil { return x.Username } return "" } -func (x *UserPassword) GetPassword() string { +func (x *UsernamePassword) GetPassword() string { if x != nil { return x.Password } 
@@ -152,24 +152,26 @@ var file_controller_servers_services_v1_credential_proto_rawDesc = []byte{ 0x2f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, - 0x31, 0x22, 0x6f, 0x0a, 0x0a, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x12, - 0x53, 0x0a, 0x0d, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, - 0x6c, 0x65, 0x72, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x50, 0x61, 0x73, 0x73, - 0x77, 0x6f, 0x72, 0x64, 0x48, 0x00, 0x52, 0x0c, 0x75, 0x73, 0x65, 0x72, 0x50, 0x61, 0x73, 0x73, - 0x77, 0x6f, 0x72, 0x64, 0x42, 0x0c, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x61, 0x6c, 0x22, 0x46, 0x0a, 0x0c, 0x55, 0x73, 0x65, 0x72, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, - 0x72, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, - 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x42, 0x51, 0x5a, 0x4f, 0x67, 0x69, - 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, - 0x72, 0x70, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x2f, 0x69, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, - 0x6c, 0x65, 0x72, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x2f, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x73, 0x3b, 0x73, 0x65, 
0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x31, 0x22, 0x90, 0x01, 0x0a, 0x0a, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, + 0x12, 0x5f, 0x0a, 0x11, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x70, 0x61, 0x73, + 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x63, 0x6f, + 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, + 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x73, 0x65, + 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x48, 0x00, 0x52, + 0x10, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, + 0x64, 0x42, 0x0c, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4a, + 0x04, 0x08, 0x01, 0x10, 0x02, 0x52, 0x0d, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x61, 0x73, 0x73, + 0x77, 0x6f, 0x72, 0x64, 0x22, 0x4a, 0x0a, 0x10, 0x55, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, + 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, + 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, + 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, + 0x18, 0x14, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, + 0x42, 0x51, 0x5a, 0x4f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, + 0x79, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x63, + 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x73, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x3b, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 
0x74, 0x6f, 0x33, } var ( @@ -186,11 +188,11 @@ func file_controller_servers_services_v1_credential_proto_rawDescGZIP() []byte { var file_controller_servers_services_v1_credential_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_controller_servers_services_v1_credential_proto_goTypes = []interface{}{ - (*Credential)(nil), // 0: controller.servers.services.v1.Credential - (*UserPassword)(nil), // 1: controller.servers.services.v1.UserPassword + (*Credential)(nil), // 0: controller.servers.services.v1.Credential + (*UsernamePassword)(nil), // 1: controller.servers.services.v1.UsernamePassword } var file_controller_servers_services_v1_credential_proto_depIdxs = []int32{ - 1, // 0: controller.servers.services.v1.Credential.user_password:type_name -> controller.servers.services.v1.UserPassword + 1, // 0: controller.servers.services.v1.Credential.username_password:type_name -> controller.servers.services.v1.UsernamePassword 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name @@ -217,7 +219,7 @@ func file_controller_servers_services_v1_credential_proto_init() { } } file_controller_servers_services_v1_credential_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserPassword); i { + switch v := v.(*UsernamePassword); i { case 0: return &v.state case 1: @@ -230,7 +232,7 @@ func file_controller_servers_services_v1_credential_proto_init() { } } file_controller_servers_services_v1_credential_proto_msgTypes[0].OneofWrappers = []interface{}{ - (*Credential_UserPassword)(nil), + (*Credential_UsernamePassword)(nil), } type x struct{} out := protoimpl.TypeBuilder{ diff --git a/internal/proto/controller/api/resources/targets/v1/target.proto b/internal/proto/controller/api/resources/targets/v1/target.proto index 42577ec132..96df857cd5 100644 --- a/internal/proto/controller/api/resources/targets/v1/target.proto 
+++ b/internal/proto/controller/api/resources/targets/v1/target.proto @@ -280,8 +280,8 @@ message SessionAuthorization { repeated SessionCredential credentials = 110 [json_name = "credentials"]; } -// The layout of the struct for "credential" field in SessionCredential for a user_password credential type. -message UserPasswordCredential { +// The layout of the struct for "credential" field in SessionCredential for a username_password credential type. +message UsernamePasswordCredential { // Username of the credential string username = 1; // @gotags: `class:"sensitive"` diff --git a/internal/proto/controller/servers/services/v1/credential.proto b/internal/proto/controller/servers/services/v1/credential.proto index 5de563a05e..ea25185b6d 100644 --- a/internal/proto/controller/servers/services/v1/credential.proto +++ b/internal/proto/controller/servers/services/v1/credential.proto @@ -5,13 +5,16 @@ package controller.servers.services.v1; option go_package = "github.com/hashicorp/boundary/internal/gen/controller/servers/services;services"; message Credential { + reserved 1; + reserved "user_password"; + oneof credential { - UserPassword user_password = 1; + UsernamePassword username_password = 2; } } -// UserPassword is a credential containing a username and a password. -message UserPassword { +// UsernamePassword is a credential containing a username and a password. +message UsernamePassword { // The username of the credential string username = 10; // @gotags: `class:"public"` diff --git a/internal/proto/controller/storage/credential/vault/store/v1/vault.proto b/internal/proto/controller/storage/credential/vault/store/v1/vault.proto index e214ec62a2..7c62b224d3 100644 --- a/internal/proto/controller/storage/credential/vault/store/v1/vault.proto +++ b/internal/proto/controller/storage/credential/vault/store/v1/vault.proto 
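Review bot: Renumbering the oneof member in credential.proto (`UsernamePassword username_password = 2;`, with `reserved 1;`) changes the wire format, so a peer built from the old schema still writes field 1 and the new side decodes the message with the `credential` oneof unset, meaning `GetUsernamePassword()` returns nil without any error. Whether mixed versions can exchange this message during an upgrade is not visible from the hunk; if they can, the consumer should reject an unset oneof explicitly rather than continue without credentials. The reservation also deserves a why-comment, for example `// Field 1 ("user_password") was retired when the message became UsernamePassword; never reuse.` Separately, the regenerated credential.pb.go in this diff shows `Password` followed by the `@gotags` comment but without `class:"secret"` in the struct tag itself, unlike target.pb.go, so it is worth confirming that tag injection runs for that package if log or event redaction relies on the `class` tag. The `UsernamePassword` message body continues outside the hunk.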
@@ -319,7 +319,7 @@ message Credential { string status = 12; } -message UserPasswordOverride { +message UsernamePasswordOverride { // library_id of the owning vault credential library. // @inject_tag: `gorm:"primary_key"` string library_id = 1; diff --git a/sdk/pbs/controller/api/resources/targets/target.pb.go b/sdk/pbs/controller/api/resources/targets/target.pb.go index 4e8b1c1c7a..0752aec1e2 100644 --- a/sdk/pbs/controller/api/resources/targets/target.pb.go +++ b/sdk/pbs/controller/api/resources/targets/target.pb.go @@ -1008,8 +1008,8 @@ func (x *SessionAuthorization) GetCredentials() []*SessionCredential { return nil } -// The layout of the struct for "credential" field in SessionCredential for a user_password credential type. -type UserPasswordCredential struct { +// The layout of the struct for "credential" field in SessionCredential for a username_password credential type. +type UsernamePasswordCredential struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields @@ -1020,8 +1020,8 @@ type UserPasswordCredential struct { Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty" class:"secret"` // @gotags: `class:"secret"` } -func (x *UserPasswordCredential) Reset() { - *x = UserPasswordCredential{} +func (x *UsernamePasswordCredential) Reset() { + *x = UsernamePasswordCredential{} if protoimpl.UnsafeEnabled { mi := &file_controller_api_resources_targets_v1_target_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 
@@ -1029,13 +1029,13 @@ func (x *UserPasswordCredential) Reset() { } } -func (x *UserPasswordCredential) String() string { +func (x *UsernamePasswordCredential) String() string { return protoimpl.X.MessageStringOf(x) } -func (*UserPasswordCredential) ProtoMessage() {} +func (*UsernamePasswordCredential) ProtoMessage() {} -func (x *UserPasswordCredential) ProtoReflect() protoreflect.Message { +func (x *UsernamePasswordCredential) ProtoReflect() protoreflect.Message { mi := &file_controller_api_resources_targets_v1_target_proto_msgTypes[10] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -1047,19 +1047,19 @@ func (x *UserPasswordCredential) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -// Deprecated: Use UserPasswordCredential.ProtoReflect.Descriptor instead. -func (*UserPasswordCredential) Descriptor() ([]byte, []int) { +// Deprecated: Use UsernamePasswordCredential.ProtoReflect.Descriptor instead. +func (*UsernamePasswordCredential) Descriptor() ([]byte, []int) { return file_controller_api_resources_targets_v1_target_proto_rawDescGZIP(), []int{10} } -func (x *UserPasswordCredential) GetUsername() string { +func (x *UsernamePasswordCredential) GetUsername() string { if x != nil { return x.Username } return "" } -func (x *UserPasswordCredential) GetPassword() string { +func (x *UsernamePasswordCredential) GetPassword() string { if x != nil { return x.Password } 
@@ -1321,18 +1321,18 @@ var file_controller_api_resources_targets_v1_target_proto_rawDesc = []byte{ 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x52, 0x0b, 0x63, 0x72, 0x65, - 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x22, 0x50, 0x0a, 0x16, 0x55, 0x73, 0x65, 0x72, - 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x61, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, - 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x42, 0x50, 0x5a, 0x4e, 0x67, 0x69, - 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, - 0x72, 0x70, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x2f, 0x73, 0x64, 0x6b, 0x2f, - 0x70, 0x62, 0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2f, 0x61, - 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x74, 0x61, 0x72, - 0x67, 0x65, 0x74, 0x73, 0x3b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, + 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x22, 0x54, 0x0a, 0x1a, 0x55, 0x73, 0x65, 0x72, + 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x43, 0x72, 0x65, 0x64, + 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, + 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, + 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x02, + 0x20, 0x01, 
0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x42, 0x50, + 0x5a, 0x4e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x2f, + 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x62, 0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, + 0x65, 0x72, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, + 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x3b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -1349,23 +1349,23 @@ func file_controller_api_resources_targets_v1_target_proto_rawDescGZIP() []byte var file_controller_api_resources_targets_v1_target_proto_msgTypes = make([]protoimpl.MessageInfo, 11) var file_controller_api_resources_targets_v1_target_proto_goTypes = []interface{}{ - (*HostSource)(nil), // 0: controller.api.resources.targets.v1.HostSource - (*HostSet)(nil), // 1: controller.api.resources.targets.v1.HostSet - (*CredentialSource)(nil), // 2: controller.api.resources.targets.v1.CredentialSource - (*SessionSecret)(nil), // 3: controller.api.resources.targets.v1.SessionSecret - (*SessionCredential)(nil), // 4: controller.api.resources.targets.v1.SessionCredential - (*Target)(nil), // 5: controller.api.resources.targets.v1.Target - (*TcpTargetAttributes)(nil), // 6: controller.api.resources.targets.v1.TcpTargetAttributes - (*WorkerInfo)(nil), // 7: controller.api.resources.targets.v1.WorkerInfo - (*SessionAuthorizationData)(nil), // 8: controller.api.resources.targets.v1.SessionAuthorizationData - (*SessionAuthorization)(nil), // 9: controller.api.resources.targets.v1.SessionAuthorization - (*UserPasswordCredential)(nil), // 10: controller.api.resources.targets.v1.UserPasswordCredential - (*structpb.Struct)(nil), // 11: google.protobuf.Struct - (*scopes.ScopeInfo)(nil), // 12: controller.api.resources.scopes.v1.ScopeInfo - (*wrapperspb.StringValue)(nil), // 13: google.protobuf.StringValue - (*timestamppb.Timestamp)(nil), // 14: google.protobuf.Timestamp - (*wrapperspb.UInt32Value)(nil), // 15: google.protobuf.UInt32Value - (*wrapperspb.Int32Value)(nil), // 16: google.protobuf.Int32Value + (*HostSource)(nil), // 0: controller.api.resources.targets.v1.HostSource + (*HostSet)(nil), // 1: controller.api.resources.targets.v1.HostSet + (*CredentialSource)(nil), // 2: controller.api.resources.targets.v1.CredentialSource + (*SessionSecret)(nil), // 3: controller.api.resources.targets.v1.SessionSecret + (*SessionCredential)(nil), // 4: 
controller.api.resources.targets.v1.SessionCredential + (*Target)(nil), // 5: controller.api.resources.targets.v1.Target + (*TcpTargetAttributes)(nil), // 6: controller.api.resources.targets.v1.TcpTargetAttributes + (*WorkerInfo)(nil), // 7: controller.api.resources.targets.v1.WorkerInfo + (*SessionAuthorizationData)(nil), // 8: controller.api.resources.targets.v1.SessionAuthorizationData + (*SessionAuthorization)(nil), // 9: controller.api.resources.targets.v1.SessionAuthorization + (*UsernamePasswordCredential)(nil), // 10: controller.api.resources.targets.v1.UsernamePasswordCredential + (*structpb.Struct)(nil), // 11: google.protobuf.Struct + (*scopes.ScopeInfo)(nil), // 12: controller.api.resources.scopes.v1.ScopeInfo + (*wrapperspb.StringValue)(nil), // 13: google.protobuf.StringValue + (*timestamppb.Timestamp)(nil), // 14: google.protobuf.Timestamp + (*wrapperspb.UInt32Value)(nil), // 15: google.protobuf.UInt32Value + (*wrapperspb.Int32Value)(nil), // 16: google.protobuf.Int32Value } var file_controller_api_resources_targets_v1_target_proto_depIdxs = []int32{ 11, // 0: controller.api.resources.targets.v1.SessionSecret.decoded:type_name -> google.protobuf.Struct @@ -1527,7 +1527,7 @@ func file_controller_api_resources_targets_v1_target_proto_init() { } } file_controller_api_resources_targets_v1_target_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserPasswordCredential); i { + switch v := v.(*UsernamePasswordCredential); i { case 0: return &v.state case 1: