// Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/authmethods/v1/auth_method.proto package authmethods import ( _ "github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options" scopes "github.com/hashicorp/boundary/sdk/pbs/controller/api/resources/scopes" _ "github.com/hashicorp/boundary/sdk/pbs/controller/protooptions" _ "google.golang.org/genproto/googleapis/api/annotations" _ "google.golang.org/genproto/googleapis/api/visibility" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" structpb "google.golang.org/protobuf/types/known/structpb" timestamppb "google.golang.org/protobuf/types/known/timestamppb" wrapperspb "google.golang.org/protobuf/types/known/wrapperspb" reflect "reflect" sync "sync" unsafe "unsafe" ) const ( // Verify that this generated code is sufficiently up-to-date. _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) // Verify that runtime/protoimpl is sufficiently up-to-date. _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) // AuthMethod contains all fields related to an auth method resource type AuthMethod struct { state protoimpl.MessageState `protogen:"open.v1"` // The ID of the auth method. Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty" class:"public" eventstream:"observation"` // @gotags: `class:"public" eventstream:"observation"` // The ID of the Scope of which this auth method is a part. ScopeId string `protobuf:"bytes,20,opt,name=scope_id,proto3" json:"scope_id,omitempty" class:"public" eventstream:"observation"` // @gotags: `class:"public" eventstream:"observation"` // Scope information for this Auth method. Scope *scopes.ScopeInfo `protobuf:"bytes,30,opt,name=scope,proto3" json:"scope,omitempty"` // Optional name for identification purposes. Name *wrapperspb.StringValue `protobuf:"bytes,40,opt,name=name,proto3" json:"name,omitempty" class:"public"` // @gotags: `class:"public"` // Optional user-set description for identification purposes. Description *wrapperspb.StringValue `protobuf:"bytes,50,opt,name=description,proto3" json:"description,omitempty" class:"public"` // @gotags: `class:"public"` // The time this resource was created. CreatedTime *timestamppb.Timestamp `protobuf:"bytes,60,opt,name=created_time,proto3" json:"created_time,omitempty" class:"public" eventstream:"observation"` // @gotags: `class:"public" eventstream:"observation"` // The time this resource was last updated. UpdatedTime *timestamppb.Timestamp `protobuf:"bytes,70,opt,name=updated_time,proto3" json:"updated_time,omitempty" class:"public" eventstream:"observation"` // @gotags: `class:"public" eventstream:"observation"` // Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. // Version is not required when you create an auth method. Version uint32 `protobuf:"varint,80,opt,name=version,proto3" json:"version,omitempty" class:"public"` // @gotags: `class:"public"` // The auth method type. Type string `protobuf:"bytes,90,opt,name=type,proto3" json:"type,omitempty" class:"public" eventstream:"observation"` // @gotags: `class:"public" eventstream:"observation"` // Types that are valid to be assigned to Attrs: // // *AuthMethod_Attributes // *AuthMethod_PasswordAuthMethodAttributes // *AuthMethod_OidcAuthMethodsAttributes // *AuthMethod_LdapAuthMethodsAttributes Attrs isAuthMethod_Attrs `protobuf_oneof:"attrs"` // Whether this auth method is the primary auth method for it's scope. // To change this value update the primary_auth_method_id field on the scope. IsPrimary bool `protobuf:"varint,110,opt,name=is_primary,proto3" json:"is_primary,omitempty" class:"public" eventstream:"observation"` // @gotags: `class:"public" eventstream:"observation"` // The available actions on this resource for this user. AuthorizedActions []string `protobuf:"bytes,300,rep,name=authorized_actions,proto3" json:"authorized_actions,omitempty" class:"public"` // @gotags: `class:"public"` // The authorized actions for the scope's collections. AuthorizedCollectionActions map[string]*structpb.ListValue `protobuf:"bytes,310,rep,name=authorized_collection_actions,proto3" json:"authorized_collection_actions,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` // classified as public via taggable implementation unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *AuthMethod) Reset() { *x = AuthMethod{} mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *AuthMethod) String() string { return protoimpl.X.MessageStringOf(x) } func (*AuthMethod) ProtoMessage() {} func (x *AuthMethod) ProtoReflect() protoreflect.Message { mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[0] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use AuthMethod.ProtoReflect.Descriptor instead. func (*AuthMethod) Descriptor() ([]byte, []int) { return file_controller_api_resources_authmethods_v1_auth_method_proto_rawDescGZIP(), []int{0} } func (x *AuthMethod) GetId() string { if x != nil { return x.Id } return "" } func (x *AuthMethod) GetScopeId() string { if x != nil { return x.ScopeId } return "" } func (x *AuthMethod) GetScope() *scopes.ScopeInfo { if x != nil { return x.Scope } return nil } func (x *AuthMethod) GetName() *wrapperspb.StringValue { if x != nil { return x.Name } return nil } func (x *AuthMethod) GetDescription() *wrapperspb.StringValue { if x != nil { return x.Description } return nil } func (x *AuthMethod) GetCreatedTime() *timestamppb.Timestamp { if x != nil { return x.CreatedTime } return nil } func (x *AuthMethod) GetUpdatedTime() *timestamppb.Timestamp { if x != nil { return x.UpdatedTime } return nil } func (x *AuthMethod) GetVersion() uint32 { if x != nil { return x.Version } return 0 } func (x *AuthMethod) GetType() string { if x != nil { return x.Type } return "" } func (x *AuthMethod) GetAttrs() isAuthMethod_Attrs { if x != nil { return x.Attrs } return nil } func (x *AuthMethod) GetAttributes() *structpb.Struct { if x != nil { if x, ok := x.Attrs.(*AuthMethod_Attributes); ok { return x.Attributes } } return nil } func (x *AuthMethod) GetPasswordAuthMethodAttributes() *PasswordAuthMethodAttributes { if x != nil { if x, ok := x.Attrs.(*AuthMethod_PasswordAuthMethodAttributes); ok { return x.PasswordAuthMethodAttributes } } return nil } func (x *AuthMethod) GetOidcAuthMethodsAttributes() *OidcAuthMethodAttributes { if x != nil { if x, ok := x.Attrs.(*AuthMethod_OidcAuthMethodsAttributes); ok { return x.OidcAuthMethodsAttributes } } return nil } func (x *AuthMethod) GetLdapAuthMethodsAttributes() *LdapAuthMethodAttributes { if x != nil { if x, ok := x.Attrs.(*AuthMethod_LdapAuthMethodsAttributes); ok { return x.LdapAuthMethodsAttributes } } return nil } func (x *AuthMethod) GetIsPrimary() bool { if x != nil { return x.IsPrimary } return false } func (x *AuthMethod) GetAuthorizedActions() []string { if x != nil { return x.AuthorizedActions } return nil } func (x *AuthMethod) GetAuthorizedCollectionActions() map[string]*structpb.ListValue { if x != nil { return x.AuthorizedCollectionActions } return nil } type isAuthMethod_Attrs interface { isAuthMethod_Attrs() } type AuthMethod_Attributes struct { // The attributes that are applicable for the specific auth method type. Attributes *structpb.Struct `protobuf:"bytes,100,opt,name=attributes,proto3,oneof"` } type AuthMethod_PasswordAuthMethodAttributes struct { PasswordAuthMethodAttributes *PasswordAuthMethodAttributes `protobuf:"bytes,101,opt,name=password_auth_method_attributes,json=passwordAuthMethodAttributes,proto3,oneof"` } type AuthMethod_OidcAuthMethodsAttributes struct { OidcAuthMethodsAttributes *OidcAuthMethodAttributes `protobuf:"bytes,102,opt,name=oidc_auth_methods_attributes,json=oidcAuthMethodsAttributes,proto3,oneof"` } type AuthMethod_LdapAuthMethodsAttributes struct { LdapAuthMethodsAttributes *LdapAuthMethodAttributes `protobuf:"bytes,103,opt,name=ldap_auth_methods_attributes,json=ldapAuthMethodsAttributes,proto3,oneof"` } func (*AuthMethod_Attributes) isAuthMethod_Attrs() {} func (*AuthMethod_PasswordAuthMethodAttributes) isAuthMethod_Attrs() {} func (*AuthMethod_OidcAuthMethodsAttributes) isAuthMethod_Attrs() {} func (*AuthMethod_LdapAuthMethodsAttributes) isAuthMethod_Attrs() {} // The attributes of a password typed auth method. type PasswordAuthMethodAttributes struct { state protoimpl.MessageState `protogen:"open.v1"` // The minimum length allowed for user names for accounts in this auth method. MinLoginNameLength uint32 `protobuf:"varint,10,opt,name=min_login_name_length,proto3" json:"min_login_name_length,omitempty" class:"public"` // @gotags: `class:"public"` // The minimum length allowed for passwords for accounts in this auth method. MinPasswordLength uint32 `protobuf:"varint,20,opt,name=min_password_length,proto3" json:"min_password_length,omitempty" class:"public"` // @gotags: `class:"public"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *PasswordAuthMethodAttributes) Reset() { *x = PasswordAuthMethodAttributes{} mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *PasswordAuthMethodAttributes) String() string { return protoimpl.X.MessageStringOf(x) } func (*PasswordAuthMethodAttributes) ProtoMessage() {} func (x *PasswordAuthMethodAttributes) ProtoReflect() protoreflect.Message { mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[1] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use PasswordAuthMethodAttributes.ProtoReflect.Descriptor instead. func (*PasswordAuthMethodAttributes) Descriptor() ([]byte, []int) { return file_controller_api_resources_authmethods_v1_auth_method_proto_rawDescGZIP(), []int{1} } func (x *PasswordAuthMethodAttributes) GetMinLoginNameLength() uint32 { if x != nil { return x.MinLoginNameLength } return 0 } func (x *PasswordAuthMethodAttributes) GetMinPasswordLength() uint32 { if x != nil { return x.MinPasswordLength } return 0 } // The attributes of an OIDC typed auth method. type OidcAuthMethodAttributes struct { state protoimpl.MessageState `protogen:"open.v1"` // The state of the auth method. Will be "inactive", // "active-private", or "active-public". State string `protobuf:"bytes,10,opt,name=state,proto3" json:"state,omitempty" class:"public"` // @gotags: `class:"public"` // The issuer URL. Boundary expects only the schema, host, and port and will // strip off ".well-known/openid-configuration" if present. This will be // used for configuration discovery as well as for validation of the "iss" // claim. Issuer *wrapperspb.StringValue `protobuf:"bytes,20,opt,name=issuer,proto3" json:"issuer,omitempty" class:"public"` // @gotags: `class:"public"` // An OAuth 2.0 Client Identifier valid at the Authorization Server. ClientId *wrapperspb.StringValue `protobuf:"bytes,30,opt,name=client_id,proto3" json:"client_id,omitempty" class:"public"` // @gotags: `class:"public"` // The client's secret. ClientSecret *wrapperspb.StringValue `protobuf:"bytes,40,opt,name=client_secret,proto3" json:"client_secret,omitempty" class:"secret"` // @gotags: `class:"secret"` // The HMAC'd value of the clients secret to indicate whether // the client secret has changed. ClientSecretHmac string `protobuf:"bytes,50,opt,name=client_secret_hmac,proto3" json:"client_secret_hmac,omitempty" class:"public"` // @gotags: `class:"public"` // The OIDC "max_age" parameter sent to the Authorization Server indicating // a maximum acceptable time in seconds since the user's last authentication // before requiring the user to reauthenticate. 0 indicates an immediate // need to reauthenticate. MaxAge *wrapperspb.UInt32Value `protobuf:"bytes,60,opt,name=max_age,proto3" json:"max_age,omitempty" class:"public"` // @gotags: `class:"public"` // The signing algorithms allowed for the auth method. SigningAlgorithms []string `protobuf:"bytes,70,rep,name=signing_algorithms,proto3" json:"signing_algorithms,omitempty" class:"public"` // @gotags: `class:"public"` // The prefix that should be used for any URLs needed during the // authentication flow. This includes the callback URL, the token retrieval // URL, and the redirection URL used by the OIDC Authorization Server. ApiUrlPrefix *wrapperspb.StringValue `protobuf:"bytes,80,opt,name=api_url_prefix,proto3" json:"api_url_prefix,omitempty" class:"public"` // @gotags: `class:"public"` // The callback URL that should be configured on the // Authorization Server to use during the authentication flow. CallbackUrl string `protobuf:"bytes,90,opt,name=callback_url,proto3" json:"callback_url,omitempty" class:"public"` // @gotags: `class:"public"` // Optional PEM-encoded X.509 CA certificates that can be used as trust anchors // when connecting to an OIDC provider. IdpCaCerts []string `protobuf:"bytes,100,rep,name=idp_ca_certs,proto3" json:"idp_ca_certs,omitempty" class:"public"` // @gotags: `class:"public"` // Allowed audience claims for this auth method. AllowedAudiences []string `protobuf:"bytes,110,rep,name=allowed_audiences,proto3" json:"allowed_audiences,omitempty" class:"public"` // @gotags: `class:"public"` // Optional claims scopes that will be requested during authentication. // see: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims ClaimsScopes []string `protobuf:"bytes,112,rep,name=claims_scopes,proto3" json:"claims_scopes,omitempty" class:"public"` // @gotags: `class:"public"` // account_claim_maps are optional claim maps from custom claims to the // standard claims of sub, name and email. These maps are represented as // key=value where the key equals the from_claim and the value equals the // to_claim. For example "oid=sub". AccountClaimMaps []string `protobuf:"bytes,113,rep,name=account_claim_maps,proto3" json:"account_claim_maps,omitempty" class:"public"` // @gotags: `class:"public"` // If the Authorization Server's discovered configuration contains values // that do not match the configuration set on this auth method, this can be // set to force the local configuration to override the discovered values. // This is useful in the case of slow-changing or incorrect values announced // by the Authorization Server. NOTE: For safety, not providing this value // will be treated the same as "false"; that is, every time the method is // updated or the state is changed, this value must be set to "true" or it // will be disabled. DisableDiscoveredConfigValidation bool `protobuf:"varint,120,opt,name=disable_discovered_config_validation,proto3" json:"disable_discovered_config_validation,omitempty" class:"public"` // @gotags: `class:"public"` // dry_run, when set on an update request, indicates that the changes should // not be persisted. Boundary will still perform the normal checks to confirm // the auth method is complete and validated against the discovered config. // This value will also be set on the returned resource when set in the request // along with the updated fields applied to the resource (but not persisted) as // a result of the update request. DryRun bool `protobuf:"varint,130,opt,name=dry_run,proto3" json:"dry_run,omitempty" class:"public"` // @gotags: `class:"public"` // The prompts allowed for the auth method. Prompts []string `protobuf:"bytes,140,rep,name=prompts,proto3" json:"prompts,omitempty" class:"public"` // @gotags: `class:"public"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *OidcAuthMethodAttributes) Reset() { *x = OidcAuthMethodAttributes{} mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *OidcAuthMethodAttributes) String() string { return protoimpl.X.MessageStringOf(x) } func (*OidcAuthMethodAttributes) ProtoMessage() {} func (x *OidcAuthMethodAttributes) ProtoReflect() protoreflect.Message { mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[2] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use OidcAuthMethodAttributes.ProtoReflect.Descriptor instead. func (*OidcAuthMethodAttributes) Descriptor() ([]byte, []int) { return file_controller_api_resources_authmethods_v1_auth_method_proto_rawDescGZIP(), []int{2} } func (x *OidcAuthMethodAttributes) GetState() string { if x != nil { return x.State } return "" } func (x *OidcAuthMethodAttributes) GetIssuer() *wrapperspb.StringValue { if x != nil { return x.Issuer } return nil } func (x *OidcAuthMethodAttributes) GetClientId() *wrapperspb.StringValue { if x != nil { return x.ClientId } return nil } func (x *OidcAuthMethodAttributes) GetClientSecret() *wrapperspb.StringValue { if x != nil { return x.ClientSecret } return nil } func (x *OidcAuthMethodAttributes) GetClientSecretHmac() string { if x != nil { return x.ClientSecretHmac } return "" } func (x *OidcAuthMethodAttributes) GetMaxAge() *wrapperspb.UInt32Value { if x != nil { return x.MaxAge } return nil } func (x *OidcAuthMethodAttributes) GetSigningAlgorithms() []string { if x != nil { return x.SigningAlgorithms } return nil } func (x *OidcAuthMethodAttributes) GetApiUrlPrefix() *wrapperspb.StringValue { if x != nil { return x.ApiUrlPrefix } return nil } func (x *OidcAuthMethodAttributes) GetCallbackUrl() string { if x != nil { return x.CallbackUrl } return "" } func (x *OidcAuthMethodAttributes) GetIdpCaCerts() []string { if x != nil { return x.IdpCaCerts } return nil } func (x *OidcAuthMethodAttributes) GetAllowedAudiences() []string { if x != nil { return x.AllowedAudiences } return nil } func (x *OidcAuthMethodAttributes) GetClaimsScopes() []string { if x != nil { return x.ClaimsScopes } return nil } func (x *OidcAuthMethodAttributes) GetAccountClaimMaps() []string { if x != nil { return x.AccountClaimMaps } return nil } func (x *OidcAuthMethodAttributes) GetDisableDiscoveredConfigValidation() bool { if x != nil { return x.DisableDiscoveredConfigValidation } return false } func (x *OidcAuthMethodAttributes) GetDryRun() bool { if x != nil { return x.DryRun } return false } func (x *OidcAuthMethodAttributes) GetPrompts() []string { if x != nil { return x.Prompts } return nil } // The structure of the OIDC authenticate start response, in the JSON object type OidcAuthMethodAuthenticateStartResponse struct { state protoimpl.MessageState `protogen:"open.v1"` // The returned authentication URL AuthUrl string `protobuf:"bytes,10,opt,name=auth_url,proto3" json:"auth_url,omitempty" class:"public"` // @gotags: `class:"public"` // The returned token ID TokenId string `protobuf:"bytes,30,opt,name=token_id,proto3" json:"token_id,omitempty" class:"public"` // @gotags: `class:"public"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *OidcAuthMethodAuthenticateStartResponse) Reset() { *x = OidcAuthMethodAuthenticateStartResponse{} mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *OidcAuthMethodAuthenticateStartResponse) String() string { return protoimpl.X.MessageStringOf(x) } func (*OidcAuthMethodAuthenticateStartResponse) ProtoMessage() {} func (x *OidcAuthMethodAuthenticateStartResponse) ProtoReflect() protoreflect.Message { mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[3] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use OidcAuthMethodAuthenticateStartResponse.ProtoReflect.Descriptor instead. func (*OidcAuthMethodAuthenticateStartResponse) Descriptor() ([]byte, []int) { return file_controller_api_resources_authmethods_v1_auth_method_proto_rawDescGZIP(), []int{3} } func (x *OidcAuthMethodAuthenticateStartResponse) GetAuthUrl() string { if x != nil { return x.AuthUrl } return "" } func (x *OidcAuthMethodAuthenticateStartResponse) GetTokenId() string { if x != nil { return x.TokenId } return "" } // The structure of OIDC callback request parameters type OidcAuthMethodAuthenticateCallbackRequest struct { state protoimpl.MessageState `protogen:"open.v1"` // The returned code Code string `protobuf:"bytes,10,opt,name=code,proto3" json:"code,omitempty" class:"secret"` // @gotags: `class:"secret"` // The returned state State string `protobuf:"bytes,20,opt,name=state,proto3" json:"state,omitempty" class:"public"` // @gotags: `class:"public"` // Error parameters, if they are returned Error string `protobuf:"bytes,30,opt,name=error,proto3" json:"error,omitempty" class:"public"` // @gotags: `class:"public"` ErrorDescription string `protobuf:"bytes,40,opt,name=error_description,proto3" json:"error_description,omitempty" class:"public"` // @gotags: `class:"public"` ErrorUri string `protobuf:"bytes,50,opt,name=error_uri,proto3" json:"error_uri,omitempty" class:"public"` // @gotags: `class:"public"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *OidcAuthMethodAuthenticateCallbackRequest) Reset() { *x = OidcAuthMethodAuthenticateCallbackRequest{} mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *OidcAuthMethodAuthenticateCallbackRequest) String() string { return protoimpl.X.MessageStringOf(x) } func (*OidcAuthMethodAuthenticateCallbackRequest) ProtoMessage() {} func (x *OidcAuthMethodAuthenticateCallbackRequest) ProtoReflect() protoreflect.Message { mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[4] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use OidcAuthMethodAuthenticateCallbackRequest.ProtoReflect.Descriptor instead. func (*OidcAuthMethodAuthenticateCallbackRequest) Descriptor() ([]byte, []int) { return file_controller_api_resources_authmethods_v1_auth_method_proto_rawDescGZIP(), []int{4} } func (x *OidcAuthMethodAuthenticateCallbackRequest) GetCode() string { if x != nil { return x.Code } return "" } func (x *OidcAuthMethodAuthenticateCallbackRequest) GetState() string { if x != nil { return x.State } return "" } func (x *OidcAuthMethodAuthenticateCallbackRequest) GetError() string { if x != nil { return x.Error } return "" } func (x *OidcAuthMethodAuthenticateCallbackRequest) GetErrorDescription() string { if x != nil { return x.ErrorDescription } return "" } func (x *OidcAuthMethodAuthenticateCallbackRequest) GetErrorUri() string { if x != nil { return x.ErrorUri } return "" } // The structure of OIDC callback response parameters type OidcAuthMethodAuthenticateCallbackResponse struct { state protoimpl.MessageState `protogen:"open.v1"` // The final redirection URL FinalRedirectUrl string `protobuf:"bytes,10,opt,name=final_redirect_url,proto3" json:"final_redirect_url,omitempty" class:"public"` // @gotags: `class:"public"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *OidcAuthMethodAuthenticateCallbackResponse) Reset() { *x = OidcAuthMethodAuthenticateCallbackResponse{} mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *OidcAuthMethodAuthenticateCallbackResponse) String() string { return protoimpl.X.MessageStringOf(x) } func (*OidcAuthMethodAuthenticateCallbackResponse) ProtoMessage() {} func (x *OidcAuthMethodAuthenticateCallbackResponse) ProtoReflect() protoreflect.Message { mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[5] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use OidcAuthMethodAuthenticateCallbackResponse.ProtoReflect.Descriptor instead. func (*OidcAuthMethodAuthenticateCallbackResponse) Descriptor() ([]byte, []int) { return file_controller_api_resources_authmethods_v1_auth_method_proto_rawDescGZIP(), []int{5} } func (x *OidcAuthMethodAuthenticateCallbackResponse) GetFinalRedirectUrl() string { if x != nil { return x.FinalRedirectUrl } return "" } // The structure of OIDC token request parameters type OidcAuthMethodAuthenticateTokenRequest struct { state protoimpl.MessageState `protogen:"open.v1"` // The ID of the pending token TokenId string `protobuf:"bytes,10,opt,name=token_id,proto3" json:"token_id,omitempty" class:"secret"` // @gotags: `class:"secret"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *OidcAuthMethodAuthenticateTokenRequest) Reset() { *x = OidcAuthMethodAuthenticateTokenRequest{} mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *OidcAuthMethodAuthenticateTokenRequest) String() string { return protoimpl.X.MessageStringOf(x) } func (*OidcAuthMethodAuthenticateTokenRequest) ProtoMessage() {} func (x *OidcAuthMethodAuthenticateTokenRequest) ProtoReflect() protoreflect.Message { mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[6] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use OidcAuthMethodAuthenticateTokenRequest.ProtoReflect.Descriptor instead. func (*OidcAuthMethodAuthenticateTokenRequest) Descriptor() ([]byte, []int) { return file_controller_api_resources_authmethods_v1_auth_method_proto_rawDescGZIP(), []int{6} } func (x *OidcAuthMethodAuthenticateTokenRequest) GetTokenId() string { if x != nil { return x.TokenId } return "" } // Internal only: the structure of a token response if it _does not_ contain a // token. type OidcAuthMethodAuthenticateTokenResponse struct { state protoimpl.MessageState `protogen:"open.v1"` // The status. This will always be "unknown". It will never be forwarded to // the consumer. Status string `protobuf:"bytes,10,opt,name=status,proto3" json:"status,omitempty" class:"public"` // @gotags: `class:"public"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *OidcAuthMethodAuthenticateTokenResponse) Reset() { *x = OidcAuthMethodAuthenticateTokenResponse{} mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *OidcAuthMethodAuthenticateTokenResponse) String() string { return protoimpl.X.MessageStringOf(x) } func (*OidcAuthMethodAuthenticateTokenResponse) ProtoMessage() {} func (x *OidcAuthMethodAuthenticateTokenResponse) ProtoReflect() protoreflect.Message { mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[7] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use OidcAuthMethodAuthenticateTokenResponse.ProtoReflect.Descriptor instead. func (*OidcAuthMethodAuthenticateTokenResponse) Descriptor() ([]byte, []int) { return file_controller_api_resources_authmethods_v1_auth_method_proto_rawDescGZIP(), []int{7} } func (x *OidcAuthMethodAuthenticateTokenResponse) GetStatus() string { if x != nil { return x.Status } return "" } // The attributes of an LDAP typed auth method. type LdapAuthMethodAttributes struct { state protoimpl.MessageState `protogen:"open.v1"` // The state of the auth method. Will be "inactive", // "active-private", or "active-public". State string `protobuf:"bytes,10,opt,name=state,proto3" json:"state,omitempty" class:"public"` // @gotags: `class:"public"` // start_tls if true, issues a StartTLS command after establishing an // unencrypted connection. Defaults to false. StartTls bool `protobuf:"varint,20,opt,name=start_tls,proto3" json:"start_tls,omitempty" class:"public"` // @gotags: `class:"public"` // insecure_tls if true, skips LDAP server SSL certificate validation - // insecure and use with caution. Defaults to false. InsecureTls bool `protobuf:"varint,30,opt,name=insecure_tls,proto3" json:"insecure_tls,omitempty" class:"public"` // @gotags: `class:"public"` // discover_dn if true, use anon bind to discover the bind DN of a user. // Defaults to false. DiscoverDn bool `protobuf:"varint,40,opt,name=discover_dn,proto3" json:"discover_dn,omitempty" class:"public"` // @gotags: `class:"public"` // anon_group_search if true, use anon bind when performing LDAP group // searches. Defaults to false. AnonGroupSearch bool `protobuf:"varint,50,opt,name=anon_group_search,proto3" json:"anon_group_search,omitempty" class:"public"` // @gotags: `class:"public"` // upn_domain is the userPrincipalDomain used to construct the UPN string for // the authenticating user. The constructed UPN will appear as // [username]@UPNDomain Example: example.com, which will cause Boundary to // bind as username@example.com when authenticating the user. UpnDomain *wrapperspb.StringValue `protobuf:"bytes,60,opt,name=upn_domain,proto3" json:"upn_domain,omitempty" class:"public"` // @gotags: `class:"public"` // urls are the LDAP URLS that specify LDAP servers to connection to. There // must be at lease on URL for each LDAP auth method. When attempting to // connect, the URLs are tried in the order specified. These are Value Objects // that will be stored as Url messages, and are operated on as a complete set // (not individually). Urls []string `protobuf:"bytes,70,rep,name=urls,proto3" json:"urls,omitempty" class:"public"` // @gotags: `class:"public"` // user_dn (optional) is the base DN under which to perform user search. // Example: ou=Users,dc=example,dc=com UserDn *wrapperspb.StringValue `protobuf:"bytes,80,opt,name=user_dn,proto3" json:"user_dn,omitempty" class:"public"` // @gotags: `class:"public"` // user_attr (optional) is the attribute on user attribute entry matching the // username passed when authenticating. Examples: cn, uid UserAttr *wrapperspb.StringValue `protobuf:"bytes,90,opt,name=user_attr,proto3" json:"user_attr,omitempty" class:"public"` // @gotags: `class:"public"` // user_filter (optional) is a go template used to construct a LDAP user // search filter. The template can access the following context variables: // [UserAttr, Username]. The default userfilter is // ({{.UserAttr}}={{.Username}}) or // (userPrincipalName={{.Username}}@UPNDomain) if the upndomain parameter is // set. UserFilter *wrapperspb.StringValue `protobuf:"bytes,100,opt,name=user_filter,proto3" json:"user_filter,omitempty" class:"public"` // @gotags: `class:"public"` // enable_groups if true, an authenticated user's groups will be found during // authentication. Defaults to false. EnableGroups bool `protobuf:"varint,110,opt,name=enable_groups,proto3" json:"enable_groups,omitempty" class:"public"` // @gotags: `class:"public"` // group_dn (optional) is the base DN under which to perform user search. // Example: ou=Groups,dc=example,dc=com // // Note: there is no default, so no base dn will be used for group searches if // it's not specified. GroupDn *wrapperspb.StringValue `protobuf:"bytes,120,opt,name=group_dn,proto3" json:"group_dn,omitempty" class:"public"` // @gotags: `class:"public"` // group_attr (optional) is the LDAP attribute to follow on objects returned // by GroupFilter in order to enumerate user group membership. Examples: for // GroupFilter queries returning group objects, use: cn. For queries returning // user objects, use: memberOf. The default is cn. GroupAttr *wrapperspb.StringValue `protobuf:"bytes,130,opt,name=group_attr,proto3" json:"group_attr,omitempty" class:"public"` // @gotags: `class:"public"` // group_filter (optional) is a Go template used when constructing the group // membership query. The template can access the following context variables: // [UserDN, Username]. The default is // (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})), // which is compatible with several common directory schemas. GroupFilter *wrapperspb.StringValue `protobuf:"bytes,140,opt,name=group_filter,proto3" json:"group_filter,omitempty" class:"public"` // @gotags: `class:"public"` // certificates are optional PEM encoded x509 certificates in ASN.1 DER form // that can be used as trust anchors when connecting to an LDAP provider. // These are Value Objects that will be stored as Certificate messages, and // are operatated on as a complete set (not individually). Certificates []string `protobuf:"bytes,150,rep,name=certificates,proto3" json:"certificates,omitempty" class:"public"` // @gotags: `class:"public"` // client_certificate is the optional certificate encoded as PEM. It must be // set if an optional client_certificate_key specified ClientCertificate *wrapperspb.StringValue `protobuf:"bytes,160,opt,name=client_certificate,proto3" json:"client_certificate,omitempty" class:"public"` // @gotags: `class:"public"` // The client_certificate_key (optional) is the plain-text of the // certificate key data encoded as PEM. ClientCertificateKey *wrapperspb.StringValue `protobuf:"bytes,170,opt,name=client_certificate_key,proto3" json:"client_certificate_key,omitempty" class:"secret"` // @gotags: `class:"secret"` // The HMAC'd value of the client certificate key to indicate // whether the certificate key has changed. ClientCertificateKeyHmac string `protobuf:"bytes,180,opt,name=client_certificate_key_hmac,proto3" json:"client_certificate_key_hmac,omitempty" class:"public"` // @gotags: `class:"public"` // bind_dn (optional) is the distinguished name of entry to bind when // performing user and group search. Example: // cn=vault,ou=Users,dc=example,dc=com BindDn *wrapperspb.StringValue `protobuf:"bytes,190,opt,name=bind_dn,proto3" json:"bind_dn,omitempty" class:"public"` // @gotags: `class:"public"` // The bind_password (optional) is the password to use along with // binddn when performing user search. BindPassword *wrapperspb.StringValue `protobuf:"bytes,200,opt,name=bind_password,proto3" json:"bind_password,omitempty" class:"secret"` // @gotags: `class:"secret"` // The HMAC'd value of the bind password to indicate // whether the password has changed. BindPasswordHmac string `protobuf:"bytes,210,opt,name=bind_password_hmac,proto3" json:"bind_password_hmac,omitempty" class:"public"` // @gotags: `class:"public"` UseTokenGroups bool `protobuf:"varint,220,opt,name=use_token_groups,proto3" json:"use_token_groups,omitempty" class:"public"` // @gotags: `class:"public"` // account_attribute_maps are optional attribute maps from custom attributes // to the standard attributes of fullname and email. These maps are // represented as key=value where the key equals the from_attribute and the // value equals the to_attribute. For example "preferredName=fullName". All // attribute names are case insensitive. AccountAttributeMaps []string `protobuf:"bytes,230,rep,name=account_attribute_maps,proto3" json:"account_attribute_maps,omitempty" class:"public"` // @gotags: `class:"public"` // maximum_page_size (optional) specifies a maximum ldap search result size to // use when retrieving the authenticated user's group memberships. This can // be used to avoid reaching the LDAP server's max result size. MaximumPageSize uint32 `protobuf:"varint,240,opt,name=maximum_page_size,proto3" json:"maximum_page_size,omitempty" class:"public"` // @gotags: `class:"public"` // dereference_aliases (optional) will control how aliases are dereferenced when // performing the search. Possible values are: never, finding, searching, // and always. If unset, a default of "never" is used. When set to // "finding", it will only dereference aliases during name resolution of the // base. When set to "searching", it will dereference aliases after name // resolution. DereferenceAliases *wrapperspb.StringValue `protobuf:"bytes,250,opt,name=dereference_aliases,proto3" json:"dereference_aliases,omitempty" class:"public"` // @gotags: `class:"public"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *LdapAuthMethodAttributes) Reset() { *x = LdapAuthMethodAttributes{} mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *LdapAuthMethodAttributes) String() string { return protoimpl.X.MessageStringOf(x) } func (*LdapAuthMethodAttributes) ProtoMessage() {} func (x *LdapAuthMethodAttributes) ProtoReflect() protoreflect.Message { mi := &file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[8] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use LdapAuthMethodAttributes.ProtoReflect.Descriptor instead. func (*LdapAuthMethodAttributes) Descriptor() ([]byte, []int) { return file_controller_api_resources_authmethods_v1_auth_method_proto_rawDescGZIP(), []int{8} } func (x *LdapAuthMethodAttributes) GetState() string { if x != nil { return x.State } return "" } func (x *LdapAuthMethodAttributes) GetStartTls() bool { if x != nil { return x.StartTls } return false } func (x *LdapAuthMethodAttributes) GetInsecureTls() bool { if x != nil { return x.InsecureTls } return false } func (x *LdapAuthMethodAttributes) GetDiscoverDn() bool { if x != nil { return x.DiscoverDn } return false } func (x *LdapAuthMethodAttributes) GetAnonGroupSearch() bool { if x != nil { return x.AnonGroupSearch } return false } func (x *LdapAuthMethodAttributes) GetUpnDomain() *wrapperspb.StringValue { if x != nil { return x.UpnDomain } return nil } func (x *LdapAuthMethodAttributes) GetUrls() []string { if x != nil { return x.Urls } return nil } func (x *LdapAuthMethodAttributes) GetUserDn() *wrapperspb.StringValue { if x != nil { return x.UserDn } return nil } func (x *LdapAuthMethodAttributes) GetUserAttr() *wrapperspb.StringValue { if x != nil { return x.UserAttr } return nil } func (x *LdapAuthMethodAttributes) GetUserFilter() *wrapperspb.StringValue { if x != nil { return x.UserFilter } return nil } func (x *LdapAuthMethodAttributes) GetEnableGroups() bool { if x != nil { return x.EnableGroups } return false } func (x *LdapAuthMethodAttributes) GetGroupDn() *wrapperspb.StringValue { if x != nil { return x.GroupDn } return nil } func (x *LdapAuthMethodAttributes) GetGroupAttr() *wrapperspb.StringValue { if x != nil { return x.GroupAttr } return nil } func (x *LdapAuthMethodAttributes) GetGroupFilter() *wrapperspb.StringValue { if x != nil { return x.GroupFilter } return nil } func (x *LdapAuthMethodAttributes) GetCertificates() []string { if x != nil { return x.Certificates } return nil } func (x *LdapAuthMethodAttributes) GetClientCertificate() *wrapperspb.StringValue { if x != nil { return x.ClientCertificate } return nil } func (x *LdapAuthMethodAttributes) GetClientCertificateKey() *wrapperspb.StringValue { if x != nil { return x.ClientCertificateKey } return nil } func (x *LdapAuthMethodAttributes) GetClientCertificateKeyHmac() string { if x != nil { return x.ClientCertificateKeyHmac } return "" } func (x *LdapAuthMethodAttributes) GetBindDn() *wrapperspb.StringValue { if x != nil { return x.BindDn } return nil } func (x *LdapAuthMethodAttributes) GetBindPassword() *wrapperspb.StringValue { if x != nil { return x.BindPassword } return nil } func (x *LdapAuthMethodAttributes) GetBindPasswordHmac() string { if x != nil { return x.BindPasswordHmac } return "" } func (x *LdapAuthMethodAttributes) GetUseTokenGroups() bool { if x != nil { return x.UseTokenGroups } return false } func (x *LdapAuthMethodAttributes) GetAccountAttributeMaps() []string { if x != nil { return x.AccountAttributeMaps } return nil } func (x *LdapAuthMethodAttributes) GetMaximumPageSize() uint32 { if x != nil { return x.MaximumPageSize } return 0 } func (x *LdapAuthMethodAttributes) GetDereferenceAliases() *wrapperspb.StringValue { if x != nil { return x.DereferenceAliases } return nil } var File_controller_api_resources_authmethods_v1_auth_method_proto protoreflect.FileDescriptor const file_controller_api_resources_authmethods_v1_auth_method_proto_rawDesc = "" + "\n" + "9controller/api/resources/authmethods/v1/auth_method.proto\x12'controller.api.resources.authmethods.v1\x1a.controller/api/resources/scopes/v1/scope.proto\x1a*controller/custom_options/v1/options.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x1bgoogle/api/visibility.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1egoogle/protobuf/wrappers.proto\x1a.protoc-gen-openapiv2/options/annotations.proto\"\x89\x17\n" + "\n" + "AuthMethod\x12\x14\n" + "\x02id\x18\n" + " \x01(\tB\x04\xe2A\x01\x03R\x02id\x12\x1a\n" + "\bscope_id\x18\x14 \x01(\tR\bscope_id\x12I\n" + "\x05scope\x18\x1e \x01(\v2-.controller.api.resources.scopes.v1.ScopeInfoB\x04\xe2A\x01\x03R\x05scope\x12F\n" + "\x04name\x18( \x01(\v2\x1c.google.protobuf.StringValueB\x14\xa0\xda)\x01\xc2\xdd)\f\n" + "\x04name\x12\x04NameR\x04name\x12b\n" + "\vdescription\x182 \x01(\v2\x1c.google.protobuf.StringValueB\"\xa0\xda)\x01\xc2\xdd)\x1a\n" + "\vdescription\x12\vDescriptionR\vdescription\x12D\n" + "\fcreated_time\x18< \x01(\v2\x1a.google.protobuf.TimestampB\x04\xe2A\x01\x03R\fcreated_time\x12D\n" + "\fupdated_time\x18F \x01(\v2\x1a.google.protobuf.TimestampB\x04\xe2A\x01\x03R\fupdated_time\x12\x18\n" + "\aversion\x18P \x01(\rR\aversion\x12\x12\n" + "\x04type\x18Z \x01(\tR\x04type\x12\xa4\f\n" + "\n" + "attributes\x18d \x01(\v2\x17.google.protobuf.StructB\xe8\v\x92A\xd5\v2\x98\vThe attributes that are applicable for the specific auth method type. The schema of this field depends on the type of the auth method that you create want to create.\n" + "For password auth methods, the parameters are:\n" + "```json\n" + "{\n" + " \"min_login_name_length\": \"min_login_name_length\",\n" + " \"min_password_length\": \"min_password_length\"\n" + "}\n" + "```\n" + "For OIDC auth methods, the parameters are:\n" + "```json\n" + "{\n" + " \"issuer\": \"issuer\",\n" + " \"client_id\": \"client_id\",\n" + " \"client_secret\": \"client_secret\",\n" + " \"max_age\": 3600,\n" + " \"signing_algorithms\": [],\n" + " \"api_url_prefix\": \"api_url_prefix\",\n" + " \"idp_ca_certs\": [],\n" + " \"allowed_audiences\": [],\n" + " \"claims_scopes\": [],\n" + " \"account_claim_maps\": [],\n" + " \"disable_discovered_config_validation\": false,\n" + " \"prompts\": []\n" + "}\n" + "```\n" + "For LDAP auth methods, the parameters are:\n" + "```json\n" + "{\n" + " \"start_tls\": false,\n" + " \"insecure_tls\": false,\n" + " \"discover_dn\": false,\n" + " \"anon_group_search\": false,\n" + " \"upn_domain\": \"upn_domain\",\n" + " \"urls\": [],\n" + " \"user_dn\": \"user_dn\",\n" + " \"user_attr\": \"user_attr\",\n" + " \"user_filter\": \"user_filter\",\n" + " \"enable_groups\": false,\n" + " \"group_dn\": \"group_dn\",\n" + " \"group_attr\": \"group_attr\",\n" + " \"group_filter\": \"group_filter\",\n" + " \"certificates\": [],\n" + " \"client_certificate\": \"client_certificate\",\n" + " \"client_certificate_key\": \"client_certificate_key\",\n" + " \"bind_dn\": \"bind_dn\",\n" + " \"bind_password\": \"bind_password\",\n" + " \"use_token_groups\": false,\n" + " \"account_attribute_maps\": [],\n" + " \"maximum_page_size\": 1000,\n" + " \"dereference_aliases\": \"never\"\n" + "}\n" + "```\n" + "J8{\"min_login_name_length\": 10, \"min_password_length\": 16}\xa0\xda)\x01\x9a\xe3)\adefaultH\x00R\n" + "attributes\x12\xb0\x01\n" + "\x1fpassword_auth_method_attributes\x18e \x01(\v2E.controller.api.resources.authmethods.v1.PasswordAuthMethodAttributesB \xa0\xda)\x01\x9a\xe3)\bpassword\xfa\xd2\xe4\x93\x02\n" + "\x12\bINTERNALH\x00R\x1cpasswordAuthMethodAttributes\x12\xa2\x01\n" + "\x1coidc_auth_methods_attributes\x18f \x01(\v2A.controller.api.resources.authmethods.v1.OidcAuthMethodAttributesB\x1c\xa0\xda)\x01\x9a\xe3)\x04oidc\xfa\xd2\xe4\x93\x02\n" + "\x12\bINTERNALH\x00R\x19oidcAuthMethodsAttributes\x12\xa2\x01\n" + "\x1cldap_auth_methods_attributes\x18g \x01(\v2A.controller.api.resources.authmethods.v1.LdapAuthMethodAttributesB\x1c\xa0\xda)\x01\x9a\xe3)\x04ldap\xfa\xd2\xe4\x93\x02\n" + "\x12\bINTERNALH\x00R\x19ldapAuthMethodsAttributes\x12$\n" + "\n" + "is_primary\x18n \x01(\bB\x04\xe2A\x01\x03R\n" + "is_primary\x125\n" + "\x12authorized_actions\x18\xac\x02 \x03(\tB\x04\xe2A\x01\x03R\x12authorized_actions\x12\xa1\x01\n" + "\x1dauthorized_collection_actions\x18\xb6\x02 \x03(\v2T.controller.api.resources.authmethods.v1.AuthMethod.AuthorizedCollectionActionsEntryB\x04\xe2A\x01\x03R\x1dauthorized_collection_actions\x1aj\n" + " AuthorizedCollectionActionsEntry\x12\x10\n" + "\x03key\x18\x01 \x01(\tR\x03key\x120\n" + "\x05value\x18\x02 \x01(\v2\x1a.google.protobuf.ListValueR\x05value:\x028\x01B\a\n" + "\x05attrs\"\x83\x02\n" + "\x1cPasswordAuthMethodAttributes\x12t\n" + "\x15min_login_name_length\x18\n" + " \x01(\rB>\xa0\xda)\x01\xc2\xdd)6\n" + " attributes.min_login_name_length\x12\x12MinLoginNameLengthR\x15min_login_name_length\x12m\n" + "\x13min_password_length\x18\x14 \x01(\rB;\xa0\xda)\x01\xc2\xdd)3\n" + "\x1eattributes.min_password_length\x12\x11MinPasswordLengthR\x13min_password_length\"\xbe\n" + "\n" + "\x18OidcAuthMethodAttributes\x12\x1a\n" + "\x05state\x18\n" + " \x01(\tB\x04\xe2A\x01\x03R\x05state\x12Y\n" + "\x06issuer\x18\x14 \x01(\v2\x1c.google.protobuf.StringValueB#\xa0\xda)\x01\xc2\xdd)\x1b\n" + "\x11attributes.issuer\x12\x06IssuerR\x06issuer\x12d\n" + "\tclient_id\x18\x1e \x01(\v2\x1c.google.protobuf.StringValueB(\xa0\xda)\x01\xc2\xdd) \n" + "\x14attributes.client_id\x12\bClientIdR\tclient_id\x12x\n" + "\rclient_secret\x18( \x01(\v2\x1c.google.protobuf.StringValueB4\xe2A\x01\x04\xa0\xda)\x01\xc2\xdd)(\n" + "\x18attributes.client_secret\x12\fClientSecretR\rclient_secret\x124\n" + "\x12client_secret_hmac\x182 \x01(\tB\x04\xe2A\x01\x03R\x12client_secret_hmac\x12\\\n" + "\amax_age\x18< \x01(\v2\x1c.google.protobuf.UInt32ValueB$\xa0\xda)\x01\xc2\xdd)\x1c\n" + "\x12attributes.max_age\x12\x06MaxAgeR\amax_age\x12d\n" + "\x12signing_algorithms\x18F \x03(\tB4\xa0\xda)\x01\xc2\xdd),\n" + "\x1dattributes.signing_algorithms\x12\vSigningAlgsR\x12signing_algorithms\x12q\n" + "\x0eapi_url_prefix\x18P \x01(\v2\x1c.google.protobuf.StringValueB+\xa0\xda)\x01\xc2\xdd)#\n" + "\x19attributes.api_url_prefix\x12\x06ApiUrlR\x0eapi_url_prefix\x12(\n" + "\fcallback_url\x18Z \x01(\tB\x04\xe2A\x01\x03R\fcallback_url\x12S\n" + "\fidp_ca_certs\x18d \x03(\tB/\xa0\xda)\x01\xc2\xdd)'\n" + "\x17attributes.idp_ca_certs\x12\fCertificatesR\fidp_ca_certs\x12_\n" + "\x11allowed_audiences\x18n \x03(\tB1\xa0\xda)\x01\xc2\xdd))\n" + "\x1cattributes.allowed_audiences\x12\tAudClaimsR\x11allowed_audiences\x12V\n" + "\rclaims_scopes\x18p \x03(\tB0\xa0\xda)\x01\xc2\xdd)(\n" + "\x18attributes.claims_scopes\x12\fClaimsScopesR\rclaims_scopes\x12i\n" + "\x12account_claim_maps\x18q \x03(\tB9\xa0\xda)\x01\xc2\xdd)1\n" + "\x1dattributes.account_claim_maps\x12\x10AccountClaimMapsR\x12account_claim_maps\x12X\n" + "$disable_discovered_config_validation\x18x \x01(\bB\x04\xa0\xda)\x01R$disable_discovered_config_validation\x12\x1f\n" + "\adry_run\x18\x82\x01 \x01(\bB\x04\xa0\xda)\x01R\adry_run\x12@\n" + "\aprompts\x18\x8c\x01 \x03(\tB%\xa0\xda)\x01\xc2\xdd)\x1d\n" + "\x12attributes.prompts\x12\aPromptsR\aprompts\"a\n" + "'OidcAuthMethodAuthenticateStartResponse\x12\x1a\n" + "\bauth_url\x18\n" + " \x01(\tR\bauth_url\x12\x1a\n" + "\btoken_id\x18\x1e \x01(\tR\btoken_id\"\xb7\x01\n" + ")OidcAuthMethodAuthenticateCallbackRequest\x12\x12\n" + "\x04code\x18\n" + " \x01(\tR\x04code\x12\x14\n" + "\x05state\x18\x14 \x01(\tR\x05state\x12\x14\n" + "\x05error\x18\x1e \x01(\tR\x05error\x12,\n" + "\x11error_description\x18( \x01(\tR\x11error_description\x12\x1c\n" + "\terror_uri\x182 \x01(\tR\terror_uri\"\\\n" + "*OidcAuthMethodAuthenticateCallbackResponse\x12.\n" + "\x12final_redirect_url\x18\n" + " \x01(\tR\x12final_redirect_url\"D\n" + "&OidcAuthMethodAuthenticateTokenRequest\x12\x1a\n" + "\btoken_id\x18\n" + " \x01(\tR\btoken_id\"A\n" + "'OidcAuthMethodAuthenticateTokenResponse\x12\x16\n" + "\x06status\x18\n" + " \x01(\tR\x06status\"\xd1\x13\n" + "\x18LdapAuthMethodAttributes\x12F\n" + "\x05state\x18\n" + " \x01(\tB0\xe2A\x01\x03\xa0\xda)\x01\xc2\xdd)$\n" + "\x10attributes.state\x12\x10OperationalStateR\x05state\x12F\n" + "\tstart_tls\x18\x14 \x01(\bB(\xa0\xda)\x01\xc2\xdd) \n" + "\x14attributes.start_tls\x12\bStartTlsR\tstart_tls\x12R\n" + "\finsecure_tls\x18\x1e \x01(\bB.\xa0\xda)\x01\xc2\xdd)&\n" + "\x17attributes.insecure_tls\x12\vInsecureTlsR\finsecure_tls\x12N\n" + "\vdiscover_dn\x18( \x01(\bB,\xa0\xda)\x01\xc2\xdd)$\n" + "\x16attributes.discover_dn\x12\n" + "DiscoverDnR\vdiscover_dn\x12e\n" + "\x11anon_group_search\x182 \x01(\bB7\xa0\xda)\x01\xc2\xdd)/\n" + "\x1cattributes.anon_group_search\x12\x0fAnonGroupSearchR\x11anon_group_search\x12h\n" + "\n" + "upn_domain\x18< \x01(\v2\x1c.google.protobuf.StringValueB*\xa0\xda)\x01\xc2\xdd)\"\n" + "\x15attributes.upn_domain\x12\tUpnDomainR\n" + "upn_domain\x123\n" + "\x04urls\x18F \x03(\tB\x1f\xa0\xda)\x01\xc2\xdd)\x17\n" + "\x0fattributes.urls\x12\x04UrlsR\x04urls\x12\\\n" + "\auser_dn\x18P \x01(\v2\x1c.google.protobuf.StringValueB$\xa0\xda)\x01\xc2\xdd)\x1c\n" + "\x12attributes.user_dn\x12\x06UserDnR\auser_dn\x12d\n" + "\tuser_attr\x18Z \x01(\v2\x1c.google.protobuf.StringValueB(\xa0\xda)\x01\xc2\xdd) \n" + "\x14attributes.user_attr\x12\bUserAttrR\tuser_attr\x12l\n" + "\vuser_filter\x18d \x01(\v2\x1c.google.protobuf.StringValueB,\xa0\xda)\x01\xc2\xdd)$\n" + "\x16attributes.user_filter\x12\n" + "UserFilterR\vuser_filter\x12V\n" + "\renable_groups\x18n \x01(\bB0\xa0\xda)\x01\xc2\xdd)(\n" + "\x18attributes.enable_groups\x12\fEnableGroupsR\renable_groups\x12`\n" + "\bgroup_dn\x18x \x01(\v2\x1c.google.protobuf.StringValueB&\xa0\xda)\x01\xc2\xdd)\x1e\n" + "\x13attributes.group_dn\x12\aGroupDnR\bgroup_dn\x12i\n" + "\n" + "group_attr\x18\x82\x01 \x01(\v2\x1c.google.protobuf.StringValueB*\xa0\xda)\x01\xc2\xdd)\"\n" + "\x15attributes.group_attr\x12\tGroupAttrR\n" + "group_attr\x12q\n" + "\fgroup_filter\x18\x8c\x01 \x01(\v2\x1c.google.protobuf.StringValueB.\xa0\xda)\x01\xc2\xdd)&\n" + "\x17attributes.group_filter\x12\vGroupFilterR\fgroup_filter\x12T\n" + "\fcertificates\x18\x96\x01 \x03(\tB/\xa0\xda)\x01\xc2\xdd)'\n" + "\x17attributes.certificates\x12\fCertificatesR\fcertificates\x12\x89\x01\n" + "\x12client_certificate\x18\xa0\x01 \x01(\v2\x1c.google.protobuf.StringValueB:\xa0\xda)\x01\xc2\xdd)2\n" + "\x1dattributes.client_certificate\x12\x11ClientCertificateR\x12client_certificate\x12\x9c\x01\n" + "\x16client_certificate_key\x18\xaa\x01 \x01(\v2\x1c.google.protobuf.StringValueBE\xe2A\x01\x04\xa0\xda)\x01\xc2\xdd)9\n" + "!attributes.client_certificate_key\x12\x14ClientCertificateKeyR\x16client_certificate_key\x12G\n" + "\x1bclient_certificate_key_hmac\x18\xb4\x01 \x01(\tB\x04\xe2A\x01\x03R\x1bclient_certificate_key_hmac\x12]\n" + "\abind_dn\x18\xbe\x01 \x01(\v2\x1c.google.protobuf.StringValueB$\xa0\xda)\x01\xc2\xdd)\x1c\n" + "\x12attributes.bind_dn\x12\x06BindDnR\abind_dn\x12y\n" + "\rbind_password\x18\xc8\x01 \x01(\v2\x1c.google.protobuf.StringValueB4\xe2A\x01\x04\xa0\xda)\x01\xc2\xdd)(\n" + "\x18attributes.bind_password\x12\fBindPasswordR\rbind_password\x125\n" + "\x12bind_password_hmac\x18\xd2\x01 \x01(\tB\x04\xe2A\x01\x03R\x12bind_password_hmac\x12b\n" + "\x10use_token_groups\x18\xdc\x01 \x01(\bB5\xa0\xda)\x01\xc2\xdd)-\n" + "\x1battributes.use_token_groups\x12\x0eUseTokenGroupsR\x10use_token_groups\x12z\n" + "\x16account_attribute_maps\x18\xe6\x01 \x03(\tBA\xa0\xda)\x01\xc2\xdd)9\n" + "!attributes.account_attribute_maps\x12\x14AccountAttributeMapsR\x16account_attribute_maps\x12f\n" + "\x11maximum_page_size\x18\xf0\x01 \x01(\rB7\xa0\xda)\x01\xc2\xdd)/\n" + "\x1cattributes.maximum_page_size\x12\x0fMaximumPageSizeR\x11maximum_page_size\x12\x8d\x01\n" + "\x13dereference_aliases\x18\xfa\x01 \x01(\v2\x1c.google.protobuf.StringValueB<\xa0\xda)\x01\xc2\xdd)4\n" + "\x1eattributes.dereference_aliases\x12\x12DereferenceAliasesR\x13dereference_aliasesB`\xa2\xe3)\x04authZVgithub.com/hashicorp/boundary/sdk/pbs/controller/api/resources/authmethods;authmethodsb\x06proto3" var ( file_controller_api_resources_authmethods_v1_auth_method_proto_rawDescOnce sync.Once file_controller_api_resources_authmethods_v1_auth_method_proto_rawDescData []byte ) func file_controller_api_resources_authmethods_v1_auth_method_proto_rawDescGZIP() []byte { file_controller_api_resources_authmethods_v1_auth_method_proto_rawDescOnce.Do(func() { file_controller_api_resources_authmethods_v1_auth_method_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_controller_api_resources_authmethods_v1_auth_method_proto_rawDesc), len(file_controller_api_resources_authmethods_v1_auth_method_proto_rawDesc))) }) return file_controller_api_resources_authmethods_v1_auth_method_proto_rawDescData } var file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes = make([]protoimpl.MessageInfo, 10) var file_controller_api_resources_authmethods_v1_auth_method_proto_goTypes = []any{ (*AuthMethod)(nil), // 0: controller.api.resources.authmethods.v1.AuthMethod (*PasswordAuthMethodAttributes)(nil), // 1: controller.api.resources.authmethods.v1.PasswordAuthMethodAttributes (*OidcAuthMethodAttributes)(nil), // 2: controller.api.resources.authmethods.v1.OidcAuthMethodAttributes (*OidcAuthMethodAuthenticateStartResponse)(nil), // 3: controller.api.resources.authmethods.v1.OidcAuthMethodAuthenticateStartResponse (*OidcAuthMethodAuthenticateCallbackRequest)(nil), // 4: controller.api.resources.authmethods.v1.OidcAuthMethodAuthenticateCallbackRequest (*OidcAuthMethodAuthenticateCallbackResponse)(nil), // 5: controller.api.resources.authmethods.v1.OidcAuthMethodAuthenticateCallbackResponse (*OidcAuthMethodAuthenticateTokenRequest)(nil), // 6: controller.api.resources.authmethods.v1.OidcAuthMethodAuthenticateTokenRequest (*OidcAuthMethodAuthenticateTokenResponse)(nil), // 7: controller.api.resources.authmethods.v1.OidcAuthMethodAuthenticateTokenResponse (*LdapAuthMethodAttributes)(nil), // 8: controller.api.resources.authmethods.v1.LdapAuthMethodAttributes nil, // 9: controller.api.resources.authmethods.v1.AuthMethod.AuthorizedCollectionActionsEntry (*scopes.ScopeInfo)(nil), // 10: controller.api.resources.scopes.v1.ScopeInfo (*wrapperspb.StringValue)(nil), // 11: google.protobuf.StringValue (*timestamppb.Timestamp)(nil), // 12: google.protobuf.Timestamp (*structpb.Struct)(nil), // 13: google.protobuf.Struct (*wrapperspb.UInt32Value)(nil), // 14: google.protobuf.UInt32Value (*structpb.ListValue)(nil), // 15: google.protobuf.ListValue } var file_controller_api_resources_authmethods_v1_auth_method_proto_depIdxs = []int32{ 10, // 0: controller.api.resources.authmethods.v1.AuthMethod.scope:type_name -> controller.api.resources.scopes.v1.ScopeInfo 11, // 1: controller.api.resources.authmethods.v1.AuthMethod.name:type_name -> google.protobuf.StringValue 11, // 2: controller.api.resources.authmethods.v1.AuthMethod.description:type_name -> google.protobuf.StringValue 12, // 3: controller.api.resources.authmethods.v1.AuthMethod.created_time:type_name -> google.protobuf.Timestamp 12, // 4: controller.api.resources.authmethods.v1.AuthMethod.updated_time:type_name -> google.protobuf.Timestamp 13, // 5: controller.api.resources.authmethods.v1.AuthMethod.attributes:type_name -> google.protobuf.Struct 1, // 6: controller.api.resources.authmethods.v1.AuthMethod.password_auth_method_attributes:type_name -> controller.api.resources.authmethods.v1.PasswordAuthMethodAttributes 2, // 7: controller.api.resources.authmethods.v1.AuthMethod.oidc_auth_methods_attributes:type_name -> controller.api.resources.authmethods.v1.OidcAuthMethodAttributes 8, // 8: controller.api.resources.authmethods.v1.AuthMethod.ldap_auth_methods_attributes:type_name -> controller.api.resources.authmethods.v1.LdapAuthMethodAttributes 9, // 9: controller.api.resources.authmethods.v1.AuthMethod.authorized_collection_actions:type_name -> controller.api.resources.authmethods.v1.AuthMethod.AuthorizedCollectionActionsEntry 11, // 10: controller.api.resources.authmethods.v1.OidcAuthMethodAttributes.issuer:type_name -> google.protobuf.StringValue 11, // 11: controller.api.resources.authmethods.v1.OidcAuthMethodAttributes.client_id:type_name -> google.protobuf.StringValue 11, // 12: controller.api.resources.authmethods.v1.OidcAuthMethodAttributes.client_secret:type_name -> google.protobuf.StringValue 14, // 13: controller.api.resources.authmethods.v1.OidcAuthMethodAttributes.max_age:type_name -> google.protobuf.UInt32Value 11, // 14: controller.api.resources.authmethods.v1.OidcAuthMethodAttributes.api_url_prefix:type_name -> google.protobuf.StringValue 11, // 15: controller.api.resources.authmethods.v1.LdapAuthMethodAttributes.upn_domain:type_name -> google.protobuf.StringValue 11, // 16: controller.api.resources.authmethods.v1.LdapAuthMethodAttributes.user_dn:type_name -> google.protobuf.StringValue 11, // 17: controller.api.resources.authmethods.v1.LdapAuthMethodAttributes.user_attr:type_name -> google.protobuf.StringValue 11, // 18: controller.api.resources.authmethods.v1.LdapAuthMethodAttributes.user_filter:type_name -> google.protobuf.StringValue 11, // 19: controller.api.resources.authmethods.v1.LdapAuthMethodAttributes.group_dn:type_name -> google.protobuf.StringValue 11, // 20: controller.api.resources.authmethods.v1.LdapAuthMethodAttributes.group_attr:type_name -> google.protobuf.StringValue 11, // 21: controller.api.resources.authmethods.v1.LdapAuthMethodAttributes.group_filter:type_name -> google.protobuf.StringValue 11, // 22: controller.api.resources.authmethods.v1.LdapAuthMethodAttributes.client_certificate:type_name -> google.protobuf.StringValue 11, // 23: controller.api.resources.authmethods.v1.LdapAuthMethodAttributes.client_certificate_key:type_name -> google.protobuf.StringValue 11, // 24: controller.api.resources.authmethods.v1.LdapAuthMethodAttributes.bind_dn:type_name -> google.protobuf.StringValue 11, // 25: controller.api.resources.authmethods.v1.LdapAuthMethodAttributes.bind_password:type_name -> google.protobuf.StringValue 11, // 26: controller.api.resources.authmethods.v1.LdapAuthMethodAttributes.dereference_aliases:type_name -> google.protobuf.StringValue 15, // 27: controller.api.resources.authmethods.v1.AuthMethod.AuthorizedCollectionActionsEntry.value:type_name -> google.protobuf.ListValue 28, // [28:28] is the sub-list for method output_type 28, // [28:28] is the sub-list for method input_type 28, // [28:28] is the sub-list for extension type_name 28, // [28:28] is the sub-list for extension extendee 0, // [0:28] is the sub-list for field type_name } func init() { file_controller_api_resources_authmethods_v1_auth_method_proto_init() } func file_controller_api_resources_authmethods_v1_auth_method_proto_init() { if File_controller_api_resources_authmethods_v1_auth_method_proto != nil { return } file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes[0].OneofWrappers = []any{ (*AuthMethod_Attributes)(nil), (*AuthMethod_PasswordAuthMethodAttributes)(nil), (*AuthMethod_OidcAuthMethodsAttributes)(nil), (*AuthMethod_LdapAuthMethodsAttributes)(nil), } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_controller_api_resources_authmethods_v1_auth_method_proto_rawDesc), len(file_controller_api_resources_authmethods_v1_auth_method_proto_rawDesc)), NumEnums: 0, NumMessages: 10, NumExtensions: 0, NumServices: 0, }, GoTypes: file_controller_api_resources_authmethods_v1_auth_method_proto_goTypes, DependencyIndexes: file_controller_api_resources_authmethods_v1_auth_method_proto_depIdxs, MessageInfos: file_controller_api_resources_authmethods_v1_auth_method_proto_msgTypes, }.Build() File_controller_api_resources_authmethods_v1_auth_method_proto = out.File file_controller_api_resources_authmethods_v1_auth_method_proto_goTypes = nil file_controller_api_resources_authmethods_v1_auth_method_proto_depIdxs = nil }