aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bump-ui-commit-4fc3244'
${ noResults }
boundary/internal/proto/controller/api/resources/authmethods/v1/auth_method.proto

706 lines
27 KiB
Raw Permalink Blame History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
syntax = "proto3";
package controller.api.resources.authmethods.v1;
import "controller/api/resources/scopes/v1/scope.proto";
import "controller/custom_options/v1/options.proto";
import "google/api/field_behavior.proto";
import "google/api/visibility.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/wrappers.proto";
import "protoc-gen-openapiv2/options/annotations.proto";
option go_package = "github.com/hashicorp/boundary/sdk/pbs/controller/api/resources/authmethods;authmethods";
option (custom_options.v1.domain) = "auth";
// AuthMethod contains all fields related to an auth method resource
message AuthMethod {
// The ID of the auth method.
string id = 10 [(google.api.field_behavior) = OUTPUT_ONLY]; // @gotags: `class:"public" eventstream:"observation"`
// The ID of the Scope of which this auth method is a part.
string scope_id = 20 [json_name = "scope_id"]; // @gotags: `class:"public" eventstream:"observation"`
// Scope information for this Auth method.
resources.scopes.v1.ScopeInfo scope = 30 [(google.api.field_behavior) = OUTPUT_ONLY];
// Optional name for identification purposes.
google.protobuf.StringValue name = 40 [
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "name"
that: "Name"
}
]; // @gotags: `class:"public"`
// Optional user-set description for identification purposes.
google.protobuf.StringValue description = 50 [
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "description"
that: "Description"
}
]; // @gotags: `class:"public"`
// The time this resource was created.
google.protobuf.Timestamp created_time = 60 [
json_name = "created_time",
(google.api.field_behavior) = OUTPUT_ONLY
]; // @gotags: `class:"public" eventstream:"observation"`
// The time this resource was last updated.
google.protobuf.Timestamp updated_time = 70 [
json_name = "updated_time",
(google.api.field_behavior) = OUTPUT_ONLY
]; // @gotags: `class:"public" eventstream:"observation"`
// Version is used in mutation requests, after the initial creation, to ensure this resource has not changed.
// The mutation will fail if the version does not match the latest known good version.
// Version is not required when you create an auth method.
uint32 version = 80; // @gotags: `class:"public"`
// The auth method type.
string type = 90; // @gotags: `class:"public" eventstream:"observation"`
oneof attrs {
// The attributes that are applicable for the specific auth method type.
google.protobuf.Struct attributes = 100 [
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.subtype) = "default",
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "{\"min_login_name_length\": 10, \"min_password_length\": 16}",
description:
"The attributes that are applicable for the specific auth method type. "
"The schema of this field depends on the type of the auth method "
"that you create want to create.\n"
"For password auth methods, the parameters are:\n"
"```json\n"
"{\n"
" \"min_login_name_length\": \"min_login_name_length\",\n"
" \"min_password_length\": \"min_password_length\"\n"
"}\n"
"```\n"
"For OIDC auth methods, the parameters are:\n"
"```json\n"
"{\n"
" \"issuer\": \"issuer\",\n"
" \"client_id\": \"client_id\",\n"
" \"client_secret\": \"client_secret\",\n"
" \"max_age\": 3600,\n"
" \"signing_algorithms\": [],\n"
" \"api_url_prefix\": \"api_url_prefix\",\n"
" \"idp_ca_certs\": [],\n"
" \"allowed_audiences\": [],\n"
" \"claims_scopes\": [],\n"
" \"account_claim_maps\": [],\n"
" \"disable_discovered_config_validation\": false,\n"
" \"prompts\": []\n"
"}\n"
"```\n"
"For LDAP auth methods, the parameters are:\n"
"```json\n"
"{\n"
" \"start_tls\": false,\n"
" \"insecure_tls\": false,\n"
" \"discover_dn\": false,\n"
" \"anon_group_search\": false,\n"
" \"upn_domain\": \"upn_domain\",\n"
" \"urls\": [],\n"
" \"user_dn\": \"user_dn\",\n"
" \"user_attr\": \"user_attr\",\n"
" \"user_filter\": \"user_filter\",\n"
" \"enable_groups\": false,\n"
" \"group_dn\": \"group_dn\",\n"
" \"group_attr\": \"group_attr\",\n"
" \"group_filter\": \"group_filter\",\n"
" \"certificates\": [],\n"
" \"client_certificate\": \"client_certificate\",\n"
" \"client_certificate_key\": \"client_certificate_key\",\n"
" \"bind_dn\": \"bind_dn\",\n"
" \"bind_password\": \"bind_password\",\n"
" \"use_token_groups\": false,\n"
" \"account_attribute_maps\": [],\n"
" \"maximum_page_size\": 1000,\n"
" \"dereference_aliases\": \"never\"\n"
"}\n"
"```\n"
}
];
PasswordAuthMethodAttributes password_auth_method_attributes = 101 [
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.subtype) = "password",
(google.api.field_visibility).restriction = "INTERNAL"
];
OidcAuthMethodAttributes oidc_auth_methods_attributes = 102 [
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.subtype) = "oidc",
(google.api.field_visibility).restriction = "INTERNAL"
];
LdapAuthMethodAttributes ldap_auth_methods_attributes = 103 [
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.subtype) = "ldap",
(google.api.field_visibility).restriction = "INTERNAL"
];
}
// Whether this auth method is the primary auth method for it's scope.
// To change this value update the primary_auth_method_id field on the scope.
bool is_primary = 110 [
json_name = "is_primary",
(google.api.field_behavior) = OUTPUT_ONLY
]; // @gotags: `class:"public" eventstream:"observation"`
// The available actions on this resource for this user.
repeated string authorized_actions = 300 [
json_name = "authorized_actions",
(google.api.field_behavior) = OUTPUT_ONLY
]; // @gotags: `class:"public"`
// The authorized actions for the scope's collections.
map<string, google.protobuf.ListValue> authorized_collection_actions = 310 [
json_name = "authorized_collection_actions",
(google.api.field_behavior) = OUTPUT_ONLY
]; // classified as public via taggable implementation
}
// The attributes of a password typed auth method.
message PasswordAuthMethodAttributes {
// The minimum length allowed for user names for accounts in this auth method.
uint32 min_login_name_length = 10 [
json_name = "min_login_name_length",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.min_login_name_length"
that: "MinLoginNameLength"
}
]; // @gotags: `class:"public"`
// The minimum length allowed for passwords for accounts in this auth method.
uint32 min_password_length = 20 [
json_name = "min_password_length",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.min_password_length"
that: "MinPasswordLength"
}
]; // @gotags: `class:"public"`
}
// The attributes of an OIDC typed auth method.
message OidcAuthMethodAttributes {
// The state of the auth method. Will be "inactive",
// "active-private", or "active-public".
string state = 10 [
json_name = "state",
(google.api.field_behavior) = OUTPUT_ONLY
]; // @gotags: `class:"public"`
// The issuer URL. Boundary expects only the schema, host, and port and will
// strip off ".well-known/openid-configuration" if present. This will be
// used for configuration discovery as well as for validation of the "iss"
// claim.
google.protobuf.StringValue issuer = 20 [
json_name = "issuer",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.issuer"
that: "Issuer"
}
]; // @gotags: `class:"public"`
// An OAuth 2.0 Client Identifier valid at the Authorization Server.
google.protobuf.StringValue client_id = 30 [
json_name = "client_id",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.client_id"
that: "ClientId"
}
]; // @gotags: `class:"public"`
// The client's secret.
google.protobuf.StringValue client_secret = 40 [
json_name = "client_secret",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.client_secret"
that: "ClientSecret"
},
(google.api.field_behavior) = INPUT_ONLY
]; // @gotags: `class:"secret"`
// The HMAC'd value of the clients secret to indicate whether
// the client secret has changed.
string client_secret_hmac = 50 [
json_name = "client_secret_hmac",
(google.api.field_behavior) = OUTPUT_ONLY
]; // @gotags: `class:"public"`
// The OIDC "max_age" parameter sent to the Authorization Server indicating
// a maximum acceptable time in seconds since the user's last authentication
// before requiring the user to reauthenticate. 0 indicates an immediate
// need to reauthenticate.
google.protobuf.UInt32Value max_age = 60 [
json_name = "max_age",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.max_age"
that: "MaxAge"
}
]; // @gotags: `class:"public"`
// The signing algorithms allowed for the auth method.
repeated string signing_algorithms = 70 [
json_name = "signing_algorithms",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.signing_algorithms"
that: "SigningAlgs"
}
]; // @gotags: `class:"public"`
// The prefix that should be used for any URLs needed during the
// authentication flow. This includes the callback URL, the token retrieval
// URL, and the redirection URL used by the OIDC Authorization Server.
google.protobuf.StringValue api_url_prefix = 80 [
json_name = "api_url_prefix",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.api_url_prefix"
that: "ApiUrl"
}
]; // @gotags: `class:"public"`
// The callback URL that should be configured on the
// Authorization Server to use during the authentication flow.
string callback_url = 90 [
json_name = "callback_url",
(google.api.field_behavior) = OUTPUT_ONLY
]; // @gotags: `class:"public"`
// Optional PEM-encoded X.509 CA certificates that can be used as trust anchors
// when connecting to an OIDC provider.
repeated string idp_ca_certs = 100 [
json_name = "idp_ca_certs",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.idp_ca_certs"
that: "Certificates"
}
]; // @gotags: `class:"public"`
// Allowed audience claims for this auth method.
repeated string allowed_audiences = 110 [
json_name = "allowed_audiences",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.allowed_audiences"
that: "AudClaims"
}
]; // @gotags: `class:"public"`
// Optional claims scopes that will be requested during authentication.
// see: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
repeated string claims_scopes = 112 [
json_name = "claims_scopes",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.claims_scopes"
that: "ClaimsScopes"
}
]; // @gotags: `class:"public"`
// account_claim_maps are optional claim maps from custom claims to the
// standard claims of sub, name and email. These maps are represented as
// key=value where the key equals the from_claim and the value equals the
// to_claim. For example "oid=sub".
repeated string account_claim_maps = 113 [
json_name = "account_claim_maps",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.account_claim_maps"
that: "AccountClaimMaps"
}
]; // @gotags: `class:"public"`
// If the Authorization Server's discovered configuration contains values
// that do not match the configuration set on this auth method, this can be
// set to force the local configuration to override the discovered values.
// This is useful in the case of slow-changing or incorrect values announced
// by the Authorization Server. NOTE: For safety, not providing this value
// will be treated the same as "false"; that is, every time the method is
// updated or the state is changed, this value must be set to "true" or it
// will be disabled.
bool disable_discovered_config_validation = 120 [
json_name = "disable_discovered_config_validation",
(custom_options.v1.generate_sdk_option) = true
]; // @gotags: `class:"public"`
// dry_run, when set on an update request, indicates that the changes should
// not be persisted. Boundary will still perform the normal checks to confirm
// the auth method is complete and validated against the discovered config.
// This value will also be set on the returned resource when set in the request
// along with the updated fields applied to the resource (but not persisted) as
// a result of the update request.
bool dry_run = 130 [
json_name = "dry_run",
(custom_options.v1.generate_sdk_option) = true
]; // @gotags: `class:"public"`
// The prompts allowed for the auth method.
repeated string prompts = 140 [
json_name = "prompts",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.prompts"
that: "Prompts"
}
]; // @gotags: `class:"public"`
}
// The structure of the OIDC authenticate start response, in the JSON object
message OidcAuthMethodAuthenticateStartResponse {
// The returned authentication URL
string auth_url = 10 [json_name = "auth_url"]; // @gotags: `class:"public"`
// The returned token ID
string token_id = 30 [json_name = "token_id"]; // @gotags: `class:"public"`
}
// The structure of OIDC callback request parameters
message OidcAuthMethodAuthenticateCallbackRequest {
// The returned code
string code = 10 [json_name = "code"]; // @gotags: `class:"secret"`
// The returned state
string state = 20 [json_name = "state"]; // @gotags: `class:"public"`
// Error parameters, if they are returned
string error = 30 [json_name = "error"]; // @gotags: `class:"public"`
string error_description = 40 [json_name = "error_description"]; // @gotags: `class:"public"`
string error_uri = 50 [json_name = "error_uri"]; // @gotags: `class:"public"`
}
// The structure of OIDC callback response parameters
message OidcAuthMethodAuthenticateCallbackResponse {
// The final redirection URL
string final_redirect_url = 10 [json_name = "final_redirect_url"]; // @gotags: `class:"public"`
}
// The structure of OIDC token request parameters
message OidcAuthMethodAuthenticateTokenRequest {
// The ID of the pending token
string token_id = 10 [json_name = "token_id"]; // @gotags: `class:"secret"`
}
// Internal only: the structure of a token response if it _does not_ contain a
// token.
message OidcAuthMethodAuthenticateTokenResponse {
// The status. This will always be "unknown". It will never be forwarded to
// the consumer.
string status = 10; // @gotags: `class:"public"`
}
// The attributes of an LDAP typed auth method.
message LdapAuthMethodAttributes {
// The state of the auth method. Will be "inactive",
// "active-private", or "active-public".
string state = 10 [
json_name = "state",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.state"
that: "OperationalState"
},
(google.api.field_behavior) = OUTPUT_ONLY
]; // @gotags: `class:"public"`
// start_tls if true, issues a StartTLS command after establishing an
// unencrypted connection. Defaults to false.
bool start_tls = 20 [
json_name = "start_tls",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.start_tls"
that: "StartTls"
}
]; // @gotags: `class:"public"`
// insecure_tls if true, skips LDAP server SSL certificate validation -
// insecure and use with caution. Defaults to false.
bool insecure_tls = 30 [
json_name = "insecure_tls",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.insecure_tls"
that: "InsecureTls"
}
]; // @gotags: `class:"public"`
// discover_dn if true, use anon bind to discover the bind DN of a user.
// Defaults to false.
bool discover_dn = 40 [
json_name = "discover_dn",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.discover_dn"
that: "DiscoverDn"
}
]; // @gotags: `class:"public"`
// anon_group_search if true, use anon bind when performing LDAP group
// searches. Defaults to false.
bool anon_group_search = 50 [
json_name = "anon_group_search",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.anon_group_search"
that: "AnonGroupSearch"
}
]; // @gotags: `class:"public"`
// upn_domain is the userPrincipalDomain used to construct the UPN string for
// the authenticating user. The constructed UPN will appear as
// [username]@UPNDomain Example: example.com, which will cause Boundary to
// bind as username@example.com when authenticating the user.
google.protobuf.StringValue upn_domain = 60 [
json_name = "upn_domain",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.upn_domain"
that: "UpnDomain"
}
]; // @gotags: `class:"public"`
// urls are the LDAP URLS that specify LDAP servers to connection to. There
// must be at lease on URL for each LDAP auth method. When attempting to
// connect, the URLs are tried in the order specified. These are Value Objects
// that will be stored as Url messages, and are operated on as a complete set
// (not individually).
repeated string urls = 70 [
json_name = "urls",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.urls"
that: "Urls"
}
]; // @gotags: `class:"public"`
// user_dn (optional) is the base DN under which to perform user search.
// Example: ou=Users,dc=example,dc=com
google.protobuf.StringValue user_dn = 80 [
json_name = "user_dn",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.user_dn"
that: "UserDn"
}
]; // @gotags: `class:"public"`
// user_attr (optional) is the attribute on user attribute entry matching the
// username passed when authenticating. Examples: cn, uid
google.protobuf.StringValue user_attr = 90 [
json_name = "user_attr",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.user_attr"
that: "UserAttr"
}
]; // @gotags: `class:"public"`
// user_filter (optional) is a go template used to construct a LDAP user
// search filter. The template can access the following context variables:
// [UserAttr, Username]. The default userfilter is
// ({{.UserAttr}}={{.Username}}) or
// (userPrincipalName={{.Username}}@UPNDomain) if the upndomain parameter is
// set.
google.protobuf.StringValue user_filter = 100 [
json_name = "user_filter",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.user_filter",
that: "UserFilter"
}
]; // @gotags: `class:"public"`
// enable_groups if true, an authenticated user's groups will be found during
// authentication. Defaults to false.
bool enable_groups = 110 [
json_name = "enable_groups",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.enable_groups"
that: "EnableGroups"
}
]; // @gotags: `class:"public"`
// group_dn (optional) is the base DN under which to perform user search.
// Example: ou=Groups,dc=example,dc=com
//
// Note: there is no default, so no base dn will be used for group searches if
// it's not specified.
google.protobuf.StringValue group_dn = 120 [
json_name = "group_dn",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.group_dn"
that: "GroupDn"
}
]; // @gotags: `class:"public"`
// group_attr (optional) is the LDAP attribute to follow on objects returned
// by GroupFilter in order to enumerate user group membership. Examples: for
// GroupFilter queries returning group objects, use: cn. For queries returning
// user objects, use: memberOf. The default is cn.
google.protobuf.StringValue group_attr = 130 [
json_name = "group_attr",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.group_attr"
that: "GroupAttr"
}
]; // @gotags: `class:"public"`
// group_filter (optional) is a Go template used when constructing the group
// membership query. The template can access the following context variables:
// [UserDN, Username]. The default is
// (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})),
// which is compatible with several common directory schemas.
google.protobuf.StringValue group_filter = 140 [
json_name = "group_filter",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.group_filter",
that: "GroupFilter"
}
]; // @gotags: `class:"public"`
// certificates are optional PEM encoded x509 certificates in ASN.1 DER form
// that can be used as trust anchors when connecting to an LDAP provider.
// These are Value Objects that will be stored as Certificate messages, and
// are operatated on as a complete set (not individually).
repeated string certificates = 150 [
json_name = "certificates",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.certificates"
that: "Certificates"
}
]; // @gotags: `class:"public"`
// client_certificate is the optional certificate encoded as PEM. It must be
// set if an optional client_certificate_key specified
google.protobuf.StringValue client_certificate = 160 [
json_name = "client_certificate",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.client_certificate",
that: "ClientCertificate"
}
]; // @gotags: `class:"public"`
// The client_certificate_key (optional) is the plain-text of the
// certificate key data encoded as PEM.
google.protobuf.StringValue client_certificate_key = 170 [
json_name = "client_certificate_key",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.client_certificate_key",
that: "ClientCertificateKey"
},
(google.api.field_behavior) = INPUT_ONLY
]; // @gotags: `class:"secret"`
// The HMAC'd value of the client certificate key to indicate
// whether the certificate key has changed.
string client_certificate_key_hmac = 180 [
json_name = "client_certificate_key_hmac",
(google.api.field_behavior) = OUTPUT_ONLY
]; // @gotags: `class:"public"`
// bind_dn (optional) is the distinguished name of entry to bind when
// performing user and group search. Example:
// cn=vault,ou=Users,dc=example,dc=com
google.protobuf.StringValue bind_dn = 190 [
json_name = "bind_dn",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.bind_dn",
that: "BindDn"
}
]; // @gotags: `class:"public"`
// The bind_password (optional) is the password to use along with
// binddn when performing user search.
google.protobuf.StringValue bind_password = 200 [
json_name = "bind_password",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.bind_password",
that: "BindPassword"
},
(google.api.field_behavior) = INPUT_ONLY
]; // @gotags: `class:"secret"`
// The HMAC'd value of the bind password to indicate
// whether the password has changed.
string bind_password_hmac = 210 [
json_name = "bind_password_hmac",
(google.api.field_behavior) = OUTPUT_ONLY
]; // @gotags: `class:"public"`
bool use_token_groups = 220 [
json_name = "use_token_groups",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.use_token_groups"
that: "UseTokenGroups"
}
]; // @gotags: `class:"public"`
// account_attribute_maps are optional attribute maps from custom attributes
// to the standard attributes of fullname and email. These maps are
// represented as key=value where the key equals the from_attribute and the
// value equals the to_attribute. For example "preferredName=fullName". All
// attribute names are case insensitive.
repeated string account_attribute_maps = 230 [
json_name = "account_attribute_maps",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.account_attribute_maps"
that: "AccountAttributeMaps"
}
]; // @gotags: `class:"public"`
// maximum_page_size (optional) specifies a maximum ldap search result size to
// use when retrieving the authenticated user's group memberships. This can
// be used to avoid reaching the LDAP server's max result size.
uint32 maximum_page_size = 240 [
json_name = "maximum_page_size",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.maximum_page_size",
that: "MaximumPageSize"
}
]; // @gotags: `class:"public"`
// dereference_aliases (optional) will control how aliases are dereferenced when
// performing the search. Possible values are: never, finding, searching,
// and always. If unset, a default of "never" is used. When set to
// "finding", it will only dereference aliases during name resolution of the
// base. When set to "searching", it will dereference aliases after name
// resolution.
google.protobuf.StringValue dereference_aliases = 250 [
json_name = "dereference_aliases",
(custom_options.v1.generate_sdk_option) = true,
(custom_options.v1.mask_mapping) = {
this: "attributes.dereference_aliases",
that: "DereferenceAliases"
}
]; // @gotags: `class:"public"`
}
Reference in new issue View Git Blame Copy Permalink