diff --git a/Makefile b/Makefile index eea8ce25ae..8bb69acad1 100644 --- a/Makefile +++ b/Makefile @@ -167,6 +167,8 @@ protobuild: @protoc-go-inject-tag -input=./internal/gen/controller/api/services/host_set_service.pb.go @protoc-go-inject-tag -input=./sdk/pbs/controller/api/resources/authtokens/authtoken.pb.go @protoc-go-inject-tag -input=./internal/gen/controller/api/services/authtokens_service.pb.go + @protoc-go-inject-tag -input=./sdk/pbs/controller/api/resources/managedgroups/managed_group.pb.go + @protoc-go-inject-tag -input=./internal/gen/controller/api/services/managed_group_service.pb.go # these protos, services and openapi artifacts are purely for testing purposes @protoc-go-inject-tag -input=./internal/gen/testing/event/event.pb.go diff --git a/internal/gen/controller/api/services/managed_group_service.pb.go b/internal/gen/controller/api/services/managed_group_service.pb.go index 0ddbccf1e9..dbce75ea44 100644 --- a/internal/gen/controller/api/services/managed_group_service.pb.go +++ b/internal/gen/controller/api/services/managed_group_service.pb.go @@ -30,7 +30,7 @@ type GetManagedGroupRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"` } func (x *GetManagedGroupRequest) Reset() { @@ -124,8 +124,8 @@ type ListManagedGroupsRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - AuthMethodId string `protobuf:"bytes,1,opt,name=auth_method_id,proto3" json:"auth_method_id,omitempty"` - Filter string `protobuf:"bytes,30,opt,name=filter,proto3" json:"filter,omitempty"` + AuthMethodId string `protobuf:"bytes,1,opt,name=auth_method_id,proto3" json:"auth_method_id,omitempty" class:"public"` // @gotags: `class:"public"` + Filter string `protobuf:"bytes,30,opt,name=filter,proto3" json:"filter,omitempty" class:"public"` // @gotags: `class:"public"` } func (x *ListManagedGroupsRequest) Reset() { @@ -273,7 +273,7 @@ type CreateManagedGroupResponse struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` + Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty" class:"public"` // @gotags: `class:"public"` Item *managedgroups.ManagedGroup `protobuf:"bytes,2,opt,name=item,proto3" json:"item,omitempty"` } @@ -328,7 +328,7 @@ type UpdateManagedGroupRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"` Item *managedgroups.ManagedGroup `protobuf:"bytes,2,opt,name=item,proto3" json:"item,omitempty"` UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,3,opt,name=update_mask,proto3" json:"update_mask,omitempty"` } @@ -438,7 +438,7 @@ type DeleteManagedGroupRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"` } func (x *DeleteManagedGroupRequest) Reset() { diff --git a/internal/proto/controller/api/resources/managedgroups/v1/managed_group.proto b/internal/proto/controller/api/resources/managedgroups/v1/managed_group.proto index 80f09fdca8..874c185d67 100644 --- a/internal/proto/controller/api/resources/managedgroups/v1/managed_group.proto +++ b/internal/proto/controller/api/resources/managedgroups/v1/managed_group.proto @@ -14,32 +14,32 @@ import "controller/custom_options/v1/options.proto"; // ManagedGroup contains all fields related to an ManagedGroup resource message ManagedGroup { // Output only. The ID of the ManagedGroup. - string id = 10; + string id = 10; // @gotags: `class:"public"` // Output only. Scope information for the ManagedGroup. resources.scopes.v1.ScopeInfo scope = 20; // Optional name for identification purposes. - google.protobuf.StringValue name = 30 [(custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = {this:"name" that: "Name"}]; + google.protobuf.StringValue name = 30 [(custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = {this:"name" that: "Name"}]; // @gotags: `class:"public"` // Optional user-set description for identification purposes. - google.protobuf.StringValue description = 40 [(custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = {this:"description" that: "Description"}]; + google.protobuf.StringValue description = 40 [(custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = {this:"description" that: "Description"}]; // @gotags: `class:"public"` // Output only. The time this resource was created. - google.protobuf.Timestamp created_time = 50 [json_name="created_time"]; + google.protobuf.Timestamp created_time = 50 [json_name="created_time"]; // @gotags: `class:"public"` // Output only. The time this resource was last updated. - google.protobuf.Timestamp updated_time = 60 [json_name="updated_time"]; + google.protobuf.Timestamp updated_time = 60 [json_name="updated_time"]; // @gotags: `class:"public"` // Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. - uint32 version = 70; + uint32 version = 70; // @gotags: `class:"public"` // The type of this ManagedGroup. - string type = 80; + string type = 80; // @gotags: `class:"public"` // The ID of the Auth Method that is associated with this ManagedGroup. - string auth_method_id = 90 [json_name="auth_method_id"]; + string auth_method_id = 90 [json_name="auth_method_id", (custom_options.v1.subtype_source_id) = true]; // @gotags: `class:"public"` oneof attrs { // The attributes that are applicable for the specific ManagedGroup type. @@ -55,14 +55,14 @@ message ManagedGroup { } // Output only. The IDs of the current set of members (accounts) that are associated with this ManagedGroup. - repeated string member_ids = 110 [json_name="member_ids"]; + repeated string member_ids = 110 [json_name="member_ids"]; // @gotags: `class:"public"` // Output only. The available actions on this resource for this user. - repeated string authorized_actions = 300 [json_name="authorized_actions"]; + repeated string authorized_actions = 300 [json_name="authorized_actions"]; // @gotags: `class:"public"` } // Attributes associated only with ManagedGroups with type "oidc". message OidcManagedGroupAttributes { // The boolean expression filter to use to determine membership. - string filter = 10 [json_name="filter", (custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = {this:"attributes.filter" that: "Filter"}]; + string filter = 10 [json_name="filter", (custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = {this:"attributes.filter" that: "Filter"}]; // @gotags: `class:"public"` } diff --git a/internal/proto/controller/api/services/v1/managed_group_service.proto b/internal/proto/controller/api/services/v1/managed_group_service.proto index 3dd1091e0a..110bf0ed94 100644 --- a/internal/proto/controller/api/services/v1/managed_group_service.proto +++ b/internal/proto/controller/api/services/v1/managed_group_service.proto @@ -89,7 +89,7 @@ service ManagedGroupService { } message GetManagedGroupRequest { - string id = 1; + string id = 1; // @gotags: `class:"public"` } message GetManagedGroupResponse { @@ -97,8 +97,8 @@ message GetManagedGroupResponse { } message ListManagedGroupsRequest { - string auth_method_id = 1 [json_name="auth_method_id"]; - string filter = 30 [json_name="filter"]; + string auth_method_id = 1 [json_name="auth_method_id"]; // @gotags: `class:"public"` + string filter = 30 [json_name="filter"]; // @gotags: `class:"public"` } message ListManagedGroupsResponse { @@ -110,12 +110,12 @@ message CreateManagedGroupRequest { } message CreateManagedGroupResponse { - string uri = 1; + string uri = 1; // @gotags: `class:"public"` resources.managedgroups.v1.ManagedGroup item = 2; } message UpdateManagedGroupRequest { - string id = 1; + string id = 1; // @gotags: `class:"public"` resources.managedgroups.v1.ManagedGroup item = 2; google.protobuf.FieldMask update_mask = 3 [json_name="update_mask"]; } @@ -125,7 +125,7 @@ message UpdateManagedGroupResponse { } message DeleteManagedGroupRequest { - string id = 1; + string id = 1; // @gotags: `class:"public"` } message DeleteManagedGroupResponse {} diff --git a/internal/servers/controller/handlers/managed_groups/managed_group_service.go b/internal/servers/controller/handlers/managed_groups/managed_group_service.go index 398fbd0c25..1c5ecd3f4f 100644 --- a/internal/servers/controller/handlers/managed_groups/managed_group_service.go +++ b/internal/servers/controller/handlers/managed_groups/managed_group_service.go @@ -28,6 +28,8 @@ import ( const ( // oidc field names attrFilterField = "attributes.filter" + + domain = "auth" ) var ( @@ -107,7 +109,7 @@ func (s Service) ListManagedGroups(ctx context.Context, req *pbs.ListManagedGrou } for _, mg := range ul { res.Id = mg.GetPublicId() - authorizedActions := authResults.FetchActionSetForId(ctx, mg.GetPublicId(), IdActions[subtypes.SubtypeFromId("auth", mg.GetPublicId())], requestauth.WithResource(&res)).Strings() + authorizedActions := authResults.FetchActionSetForId(ctx, mg.GetPublicId(), IdActions[subtypes.SubtypeFromId(domain, mg.GetPublicId())], requestauth.WithResource(&res)).Strings() if len(authorizedActions) == 0 { continue } @@ -168,7 +170,7 @@ func (s Service) GetManagedGroup(ctx context.Context, req *pbs.GetManagedGroupRe outputOpts = append(outputOpts, handlers.WithScope(authResults.Scope)) } if outputFields.Has(globals.AuthorizedActionsField) { - outputOpts = append(outputOpts, handlers.WithAuthorizedActions(authResults.FetchActionSetForId(ctx, mg.GetPublicId(), IdActions[subtypes.SubtypeFromId("auth", mg.GetPublicId())]).Strings())) + outputOpts = append(outputOpts, handlers.WithAuthorizedActions(authResults.FetchActionSetForId(ctx, mg.GetPublicId(), IdActions[subtypes.SubtypeFromId(domain, mg.GetPublicId())]).Strings())) } if outputFields.Has(globals.MemberIdsField) { outputOpts = append(outputOpts, handlers.WithMemberIds(memberIds)) @@ -210,7 +212,7 @@ func (s Service) CreateManagedGroup(ctx context.Context, req *pbs.CreateManagedG outputOpts = append(outputOpts, handlers.WithScope(authResults.Scope)) } if outputFields.Has(globals.AuthorizedActionsField) { - outputOpts = append(outputOpts, handlers.WithAuthorizedActions(authResults.FetchActionSetForId(ctx, mg.GetPublicId(), IdActions[subtypes.SubtypeFromId("auth", mg.GetPublicId())]).Strings())) + outputOpts = append(outputOpts, handlers.WithAuthorizedActions(authResults.FetchActionSetForId(ctx, mg.GetPublicId(), IdActions[subtypes.SubtypeFromId(domain, mg.GetPublicId())]).Strings())) } item, err := toProto(ctx, mg, outputOpts...) @@ -249,7 +251,7 @@ func (s Service) UpdateManagedGroup(ctx context.Context, req *pbs.UpdateManagedG outputOpts = append(outputOpts, handlers.WithScope(authResults.Scope)) } if outputFields.Has(globals.AuthorizedActionsField) { - outputOpts = append(outputOpts, handlers.WithAuthorizedActions(authResults.FetchActionSetForId(ctx, mg.GetPublicId(), IdActions[subtypes.SubtypeFromId("auth", mg.GetPublicId())]).Strings())) + outputOpts = append(outputOpts, handlers.WithAuthorizedActions(authResults.FetchActionSetForId(ctx, mg.GetPublicId(), IdActions[subtypes.SubtypeFromId(domain, mg.GetPublicId())]).Strings())) } item, err := toProto(ctx, mg, outputOpts...) @@ -279,7 +281,7 @@ func (s Service) DeleteManagedGroup(ctx context.Context, req *pbs.DeleteManagedG func (s Service) getFromRepo(ctx context.Context, id string) (auth.ManagedGroup, []string, error) { var out auth.ManagedGroup var memberIds []string - switch subtypes.SubtypeFromId("auth", id) { + switch subtypes.SubtypeFromId(domain, id) { case oidc.Subtype: repo, err := s.oidcRepoFn() if err != nil { @@ -347,7 +349,7 @@ func (s Service) createInRepo(ctx context.Context, am auth.AuthMethod, item *pb. return nil, errors.New(ctx, errors.InvalidParameter, op, "missing item") } var out auth.ManagedGroup - switch subtypes.SubtypeFromId("auth", am.GetPublicId()) { + switch subtypes.SubtypeFromId(domain, am.GetPublicId()) { case oidc.Subtype: am, err := s.createOidcInRepo(ctx, am, item) if err != nil { @@ -400,7 +402,7 @@ func (s Service) updateOidcInRepo(ctx context.Context, scopeId, amId, id string, func (s Service) updateInRepo(ctx context.Context, scopeId, authMethodId string, req *pbs.UpdateManagedGroupRequest) (auth.ManagedGroup, error) { const op = "managed_groups.(Service).updateInRepo" var out auth.ManagedGroup - switch subtypes.SubtypeFromId("auth", req.GetId()) { + switch subtypes.SubtypeFromId(domain, req.GetId()) { case oidc.Subtype: mg, err := s.updateOidcInRepo(ctx, scopeId, authMethodId, req.GetId(), req.GetUpdateMask().GetPaths(), req.GetItem()) if err != nil { @@ -418,7 +420,7 @@ func (s Service) deleteFromRepo(ctx context.Context, scopeId, id string) (bool, const op = "managed_groups.(Service).deleteFromRepo" var rows int var err error - switch subtypes.SubtypeFromId("auth", id) { + switch subtypes.SubtypeFromId(domain, id) { case oidc.Subtype: repo, iErr := s.oidcRepoFn() if iErr != nil { @@ -439,7 +441,7 @@ func (s Service) listFromRepo(ctx context.Context, authMethodId string) ([]auth. const op = "managed_groups.(Service).listFromRepo" var outUl []auth.ManagedGroup - switch subtypes.SubtypeFromId("auth", authMethodId) { + switch subtypes.SubtypeFromId(domain, authMethodId) { case oidc.Subtype: oidcRepo, err := s.oidcRepoFn() if err != nil { @@ -471,7 +473,7 @@ func (s Service) parentAndAuthResult(ctx context.Context, id string, a action.Ty case action.List, action.Create: parentId = id default: - switch subtypes.SubtypeFromId("auth", id) { + switch subtypes.SubtypeFromId(domain, id) { case oidc.Subtype: acct, err := oidcRepo.LookupManagedGroup(ctx, id) if err != nil { @@ -491,7 +493,7 @@ func (s Service) parentAndAuthResult(ctx context.Context, id string, a action.Ty } var authMeth auth.AuthMethod - switch subtypes.SubtypeFromId("auth", parentId) { + switch subtypes.SubtypeFromId(domain, parentId) { case oidc.Subtype: am, err := oidcRepo.LookupAuthMethod(ctx, parentId) if err != nil { @@ -591,7 +593,7 @@ func validateCreateRequest(req *pbs.CreateManagedGroupRequest) error { if req.GetItem().GetAuthMethodId() == "" { badFields[globals.AuthMethodIdField] = "This field is required." } - switch subtypes.SubtypeFromId("auth", req.GetItem().GetAuthMethodId()) { + switch subtypes.SubtypeFromId(domain, req.GetItem().GetAuthMethodId()) { case oidc.Subtype: if req.GetItem().GetType() != "" && req.GetItem().GetType() != oidc.Subtype.String() { badFields[globals.TypeField] = "Doesn't match the parent resource's type." @@ -621,7 +623,7 @@ func validateUpdateRequest(req *pbs.UpdateManagedGroupRequest) error { } return handlers.ValidateUpdateRequest(req, req.GetItem(), func() map[string]string { badFields := map[string]string{} - switch subtypes.SubtypeFromId("auth", req.GetId()) { + switch subtypes.SubtypeFromId(domain, req.GetId()) { case oidc.Subtype: if req.GetItem().GetType() != "" && req.GetItem().GetType() != oidc.Subtype.String() { badFields[globals.TypeField] = "Cannot modify the resource type." diff --git a/internal/tests/api/managedgroups/classification_test.go b/internal/tests/api/managedgroups/classification_test.go new file mode 100644 index 0000000000..ff9a624a16 --- /dev/null +++ b/internal/tests/api/managedgroups/classification_test.go @@ -0,0 +1,107 @@ +package managedgroups_test + +import ( + "context" + "encoding/json" + "testing" + "time" + + "github.com/hashicorp/boundary/sdk/pbs/controller/api" + pb "github.com/hashicorp/boundary/sdk/pbs/controller/api/resources/managedgroups" + "github.com/hashicorp/boundary/sdk/pbs/controller/api/resources/scopes" + "github.com/hashicorp/boundary/sdk/wrapper" + "github.com/hashicorp/eventlogger" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "google.golang.org/protobuf/types/known/timestamppb" + "google.golang.org/protobuf/types/known/wrapperspb" +) + +func TestGroupsClassification(t *testing.T) { + ctx := context.Background() + now := time.Now() + pbNow := timestamppb.Now() + wrapper := wrapper.TestWrapper(t) + testEncryptingFilter := api.NewEncryptFilter(t, wrapper) + + cases := []struct { + name string + in *eventlogger.Event + want *eventlogger.Event + }{ + { + name: "validate-group-filtering", + in: &eventlogger.Event{ + Type: "test", + CreatedAt: now, + Payload: &pb.ManagedGroup{ + Id: "id", + Scope: &scopes.ScopeInfo{ + Id: "scope-id", + Type: "scope-type", + Name: "scope-name", + Description: "description", + ParentScopeId: "parent-scope-id", + }, + Name: &wrapperspb.StringValue{Value: "name"}, + Description: &wrapperspb.StringValue{Value: "descrption"}, + CreatedTime: pbNow, + UpdatedTime: pbNow, + Version: 0, + Type: "oidc", + AuthMethodId: "auth-method-id", + Attrs: &pb.ManagedGroup_OidcManagedGroupAttributes{ + OidcManagedGroupAttributes: &pb.OidcManagedGroupAttributes{ + Filter: "filter", + }, + }, + MemberIds: []string{"member-id-1", "member-id-2"}, + AuthorizedActions: []string{"action1", "action2"}, + }, + }, + want: &eventlogger.Event{ + Type: "test", + CreatedAt: now, + Payload: &pb.ManagedGroup{ + Id: "id", + Scope: &scopes.ScopeInfo{ + Id: "scope-id", + Type: "scope-type", + Name: "scope-name", + Description: "description", + ParentScopeId: "parent-scope-id", + }, + Name: &wrapperspb.StringValue{Value: "name"}, + Description: &wrapperspb.StringValue{Value: "descrption"}, + CreatedTime: pbNow, + UpdatedTime: pbNow, + Version: 0, + Type: "oidc", + AuthMethodId: "auth-method-id", + Attrs: &pb.ManagedGroup_OidcManagedGroupAttributes{ + OidcManagedGroupAttributes: &pb.OidcManagedGroupAttributes{ + Filter: "filter", + }, + }, + MemberIds: []string{"member-id-1", "member-id-2"}, + AuthorizedActions: []string{"action1", "action2"}, + }, + }, + }, + } + + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + assert, require := assert.New(t), require.New(t) + got, err := testEncryptingFilter.Process(ctx, tc.in) + require.NoError(err) + require.NotNil(got) + gotJSON, err := json.Marshal(got) + require.NoError(err) + + wantJSON, err := json.Marshal(tc.want) + require.NoError(err) + assert.JSONEq(string(wantJSON), string(gotJSON)) + }) + } +} diff --git a/sdk/pbs/controller/api/resources/managedgroups/managed_group.pb.go b/sdk/pbs/controller/api/resources/managedgroups/managed_group.pb.go index 54374af728..bc1ce8bc37 100644 --- a/sdk/pbs/controller/api/resources/managedgroups/managed_group.pb.go +++ b/sdk/pbs/controller/api/resources/managedgroups/managed_group.pb.go @@ -33,32 +33,32 @@ type ManagedGroup struct { unknownFields protoimpl.UnknownFields // Output only. The ID of the ManagedGroup. - Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty"` + Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"` // Output only. Scope information for the ManagedGroup. Scope *scopes.ScopeInfo `protobuf:"bytes,20,opt,name=scope,proto3" json:"scope,omitempty"` // Optional name for identification purposes. - Name *wrapperspb.StringValue `protobuf:"bytes,30,opt,name=name,proto3" json:"name,omitempty"` + Name *wrapperspb.StringValue `protobuf:"bytes,30,opt,name=name,proto3" json:"name,omitempty" class:"public"` // @gotags: `class:"public"` // Optional user-set description for identification purposes. - Description *wrapperspb.StringValue `protobuf:"bytes,40,opt,name=description,proto3" json:"description,omitempty"` + Description *wrapperspb.StringValue `protobuf:"bytes,40,opt,name=description,proto3" json:"description,omitempty" class:"public"` // @gotags: `class:"public"` // Output only. The time this resource was created. - CreatedTime *timestamppb.Timestamp `protobuf:"bytes,50,opt,name=created_time,proto3" json:"created_time,omitempty"` + CreatedTime *timestamppb.Timestamp `protobuf:"bytes,50,opt,name=created_time,proto3" json:"created_time,omitempty" class:"public"` // @gotags: `class:"public"` // Output only. The time this resource was last updated. - UpdatedTime *timestamppb.Timestamp `protobuf:"bytes,60,opt,name=updated_time,proto3" json:"updated_time,omitempty"` + UpdatedTime *timestamppb.Timestamp `protobuf:"bytes,60,opt,name=updated_time,proto3" json:"updated_time,omitempty" class:"public"` // @gotags: `class:"public"` // Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. - Version uint32 `protobuf:"varint,70,opt,name=version,proto3" json:"version,omitempty"` + Version uint32 `protobuf:"varint,70,opt,name=version,proto3" json:"version,omitempty" class:"public"` // @gotags: `class:"public"` // The type of this ManagedGroup. - Type string `protobuf:"bytes,80,opt,name=type,proto3" json:"type,omitempty"` + Type string `protobuf:"bytes,80,opt,name=type,proto3" json:"type,omitempty" class:"public"` // @gotags: `class:"public"` // The ID of the Auth Method that is associated with this ManagedGroup. - AuthMethodId string `protobuf:"bytes,90,opt,name=auth_method_id,proto3" json:"auth_method_id,omitempty"` + AuthMethodId string `protobuf:"bytes,90,opt,name=auth_method_id,proto3" json:"auth_method_id,omitempty" class:"public"` // @gotags: `class:"public"` // Types that are assignable to Attrs: // *ManagedGroup_Attributes // *ManagedGroup_OidcManagedGroupAttributes Attrs isManagedGroup_Attrs `protobuf_oneof:"attrs"` // Output only. The IDs of the current set of members (accounts) that are associated with this ManagedGroup. - MemberIds []string `protobuf:"bytes,110,rep,name=member_ids,proto3" json:"member_ids,omitempty"` + MemberIds []string `protobuf:"bytes,110,rep,name=member_ids,proto3" json:"member_ids,omitempty" class:"public"` // @gotags: `class:"public"` // Output only. The available actions on this resource for this user. - AuthorizedActions []string `protobuf:"bytes,300,rep,name=authorized_actions,proto3" json:"authorized_actions,omitempty"` + AuthorizedActions []string `protobuf:"bytes,300,rep,name=authorized_actions,proto3" json:"authorized_actions,omitempty" class:"public"` // @gotags: `class:"public"` } func (x *ManagedGroup) Reset() { @@ -215,7 +215,7 @@ type OidcManagedGroupAttributes struct { unknownFields protoimpl.UnknownFields // The boolean expression filter to use to determine membership. - Filter string `protobuf:"bytes,10,opt,name=filter,proto3" json:"filter,omitempty"` + Filter string `protobuf:"bytes,10,opt,name=filter,proto3" json:"filter,omitempty" class:"public"` // @gotags: `class:"public"` } func (x *OidcManagedGroupAttributes) Reset() { @@ -280,7 +280,7 @@ var file_controller_api_resources_managedgroups_v1_managed_group_proto_rawDesc = 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2a, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2f, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x76, 0x31, 0x2f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x22, 0xb6, 0x06, 0x0a, 0x0c, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x47, 0x72, + 0x74, 0x6f, 0x22, 0xbc, 0x06, 0x0a, 0x0c, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x43, 0x0a, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, @@ -308,42 +308,43 @@ var file_controller_api_resources_managedgroups_v1_managed_group_proto_rawDesc = 0x74, 0x69, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x46, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x50, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x12, 0x26, 0x0a, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, - 0x64, 0x5f, 0x69, 0x64, 0x18, 0x5a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x61, 0x75, 0x74, 0x68, - 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x69, 0x64, 0x12, 0x4a, 0x0a, 0x0a, 0x61, 0x74, - 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x42, 0x0f, 0xa0, 0xda, 0x29, 0x01, 0x9a, 0xe3, 0x29, - 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x48, 0x00, 0x52, 0x0a, 0x61, 0x74, 0x74, 0x72, - 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0xa8, 0x01, 0x0a, 0x1d, 0x6f, 0x69, 0x64, 0x63, 0x5f, - 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x61, 0x74, - 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x65, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, - 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, - 0x64, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x69, 0x64, 0x63, 0x4d, - 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x41, 0x74, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, 0x1c, 0xa0, 0xda, 0x29, 0x01, 0x9a, 0xe3, 0x29, 0x04, 0x6f, - 0x69, 0x64, 0x63, 0xfa, 0xd2, 0xe4, 0x93, 0x02, 0x0a, 0x12, 0x08, 0x49, 0x4e, 0x54, 0x45, 0x52, - 0x4e, 0x41, 0x4c, 0x48, 0x00, 0x52, 0x1a, 0x6f, 0x69, 0x64, 0x63, 0x4d, 0x61, 0x6e, 0x61, 0x67, - 0x65, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, - 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x6d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x73, 0x18, - 0x6e, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x6d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x69, 0x64, - 0x73, 0x12, 0x2f, 0x0a, 0x12, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x5f, - 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xac, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x12, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x42, 0x07, 0x0a, 0x05, 0x61, 0x74, 0x74, 0x72, 0x73, 0x22, 0x59, 0x0a, 0x1a, 0x4f, - 0x69, 0x64, 0x63, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x41, - 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x3b, 0x0a, 0x06, 0x66, 0x69, 0x6c, - 0x74, 0x65, 0x72, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x42, 0x23, 0xa0, 0xda, 0x29, 0x01, 0xc2, - 0xdd, 0x29, 0x1b, 0x0a, 0x11, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, - 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x06, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x06, - 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x42, 0x5c, 0x5a, 0x5a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x62, - 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x2f, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x62, 0x73, 0x2f, - 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, - 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x3b, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x67, 0x72, - 0x6f, 0x75, 0x70, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x70, 0x65, 0x12, 0x2c, 0x0a, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, + 0x64, 0x5f, 0x69, 0x64, 0x18, 0x5a, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xa0, 0xe3, 0x29, 0x01, + 0x52, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x69, 0x64, + 0x12, 0x4a, 0x0a, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x64, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x42, 0x0f, 0xa0, + 0xda, 0x29, 0x01, 0x9a, 0xe3, 0x29, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x48, 0x00, + 0x52, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0xa8, 0x01, 0x0a, + 0x1d, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x5f, 0x67, 0x72, + 0x6f, 0x75, 0x70, 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x65, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, + 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, + 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, + 0x2e, 0x4f, 0x69, 0x64, 0x63, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x47, 0x72, 0x6f, 0x75, + 0x70, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, 0x1c, 0xa0, 0xda, 0x29, + 0x01, 0x9a, 0xe3, 0x29, 0x04, 0x6f, 0x69, 0x64, 0x63, 0xfa, 0xd2, 0xe4, 0x93, 0x02, 0x0a, 0x12, + 0x08, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x48, 0x00, 0x52, 0x1a, 0x6f, 0x69, 0x64, + 0x63, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x41, 0x74, 0x74, + 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x6d, 0x65, 0x6d, 0x62, 0x65, + 0x72, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x6e, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x6d, 0x65, 0x6d, + 0x62, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x73, 0x12, 0x2f, 0x0a, 0x12, 0x61, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x7a, 0x65, 0x64, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xac, 0x02, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x12, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, + 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x07, 0x0a, 0x05, 0x61, 0x74, 0x74, 0x72, + 0x73, 0x22, 0x59, 0x0a, 0x1a, 0x4f, 0x69, 0x64, 0x63, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, + 0x47, 0x72, 0x6f, 0x75, 0x70, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, + 0x3b, 0x0a, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x42, + 0x23, 0xa0, 0xda, 0x29, 0x01, 0xc2, 0xdd, 0x29, 0x1b, 0x0a, 0x11, 0x61, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x06, 0x46, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x52, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x42, 0x5c, 0x5a, 0x5a, + 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x2f, 0x73, 0x64, + 0x6b, 0x2f, 0x70, 0x62, 0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, + 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x6d, + 0x61, 0x6e, 0x61, 0x67, 0x65, 0x64, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x3b, 0x6d, 0x61, 0x6e, + 0x61, 0x67, 0x65, 0x64, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var (