From e596d1b5dfa4f210d1fe866166e335c6bbe5c7bd Mon Sep 17 00:00:00 2001 From: Alexey Kontsevoy Date: Tue, 28 Jan 2020 19:50:17 -0500 Subject: [PATCH] Add auto formatting for proto files --- Makefile | 2 + build.assets/grpc/Dockerfile | 2 +- lib/auth/proto/auth.pb.go | 44 +- lib/auth/proto/auth.proto | 116 +++-- lib/events/slice.pb.go | 11 +- lib/events/slice.proto | 16 +- lib/services/types.pb.go | 144 ++--- lib/services/types.proto | 982 ++++++++++++++++++++--------------- lib/wrappers/wrappers.pb.go | 8 +- lib/wrappers/wrappers.proto | 8 +- 10 files changed, 744 insertions(+), 589 deletions(-) diff --git a/Makefile b/Makefile index cd97f434d513f..fdb7e64e0a950 100644 --- a/Makefile +++ b/Makefile @@ -291,6 +291,8 @@ grpc: buildbox buildbox-grpc: # standard GRPC output echo $$PROTO_INCLUDE + find lib/ -iname *.proto | xargs clang-format -i -style='{ColumnLimit: 100, IndentWidth: 4, Language: Proto}' + cd lib/events && protoc -I=.:$$PROTO_INCLUDE \ --gofast_out=plugins=grpc:.\ *.proto diff --git a/build.assets/grpc/Dockerfile b/build.assets/grpc/Dockerfile index be1539799fc26..5f55baf4391d1 100644 --- a/build.assets/grpc/Dockerfile +++ b/build.assets/grpc/Dockerfile @@ -7,7 +7,7 @@ ARG PLATFORM ENV TARBALL protoc-${PROTOC_VER}-${PLATFORM}.zip ENV GOGOPROTO_ROOT ${GOPATH}/src/github.com/gogo/protobuf -RUN apt-get update && apt-get install unzip +RUN apt-get update && apt-get install unzip clang-format -y RUN curl -L -o /tmp/${TARBALL} https://github.com/google/protobuf/releases/download/v${PROTOC_VER}/${TARBALL} RUN cd /tmp && unzip /tmp/protoc-${PROTOC_VER}-linux-x86_64.zip -d /usr/local && rm /tmp/${TARBALL} diff --git a/lib/auth/proto/auth.pb.go b/lib/auth/proto/auth.pb.go index e34a790b7b690..27ee7825618af 100644 --- a/lib/auth/proto/auth.pb.go +++ b/lib/auth/proto/auth.pb.go 
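Review bot: The `*.proto` pattern on the added `find` line is unquoted, so the shell expands it before `find` runs whenever a `.proto` file sits in the directory make is invoked from, and the plain `find | xargs` pipe splits any path containing whitespace into separate arguments. Quoting the pattern and using NUL separators avoids both: `find lib/ -iname '*.proto' -print0 | xargs -0 clang-format -i -style='{ColumnLimit: 100, IndentWidth: 4, Language: Proto}'`. The step also rewrites tracked sources in place on every `buildbox-grpc` run, and the regenerated `.pb.go` descriptors in this same commit change as a result, so a one-line comment above it such as `# reformats lib/**/*.proto in place; generated code changes with the clang-format version` would tell the next maintainer why a rebuild can dirty the tree. The recipe continues past the end of the hunk.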
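Review bot: `clang-format` is added to the `RUN apt-get update && apt-get install` line without a version pin, so the formatter that rewrites the `.proto` files is whatever the base image's package index serves on the day the buildbox is built. Different clang-format releases can lay out the same file differently, which would change the `.proto` sources and the descriptors generated from them between otherwise identical builds. Pinning the package, e.g. `apt-get install -y --no-install-recommends unzip clang-format=<PINNED_VERSION>` (placeholder, to be filled from the base image's index), keeps the output reproducible and reviewable. The base image and the rest of the Dockerfile are outside the hunk, so which version is currently resolved cannot be told from here.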
@@ -60,7 +60,7 @@ func (x Operation) String() string { return proto.EnumName(Operation_name, int32(x)) } func (Operation) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_auth_a46564e9693c8eaf, []int{0} + return fileDescriptor_auth_8605baa7098e7332, []int{0} } // Event returns cluster event @@ -93,7 +93,7 @@ func (m *Event) Reset() { *m = Event{} } func (m *Event) String() string { return proto.CompactTextString(m) } func (*Event) ProtoMessage() {} func (*Event) Descriptor() ([]byte, []int) { - return fileDescriptor_auth_a46564e9693c8eaf, []int{0} + return fileDescriptor_auth_8605baa7098e7332, []int{0} } func (m *Event) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -583,7 +583,7 @@ func (m *Watch) Reset() { *m = Watch{} } func (m *Watch) String() string { return proto.CompactTextString(m) } func (*Watch) ProtoMessage() {} func (*Watch) Descriptor() ([]byte, []int) { - return fileDescriptor_auth_a46564e9693c8eaf, []int{1} + return fileDescriptor_auth_8605baa7098e7332, []int{1} } func (m *Watch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -641,7 +641,7 @@ func (m *WatchKind) Reset() { *m = WatchKind{} } func (m *WatchKind) String() string { return proto.CompactTextString(m) } func (*WatchKind) ProtoMessage() {} func (*WatchKind) Descriptor() ([]byte, []int) { - return fileDescriptor_auth_a46564e9693c8eaf, []int{2} + return fileDescriptor_auth_8605baa7098e7332, []int{2} } func (m *WatchKind) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -713,7 +713,7 @@ func (m *Certs) Reset() { *m = Certs{} } func (m *Certs) String() string { return proto.CompactTextString(m) } func (*Certs) ProtoMessage() {} func (*Certs) Descriptor() ([]byte, []int) { - return fileDescriptor_auth_a46564e9693c8eaf, []int{3} + return fileDescriptor_auth_8605baa7098e7332, []int{3} } func (m *Certs) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -766,7 +766,8 @@ type UserCertsRequest struct { // Expires is a desired time of the expiry of the certificate, could // be adjusted based on the permissions Expires time.Time `protobuf:"bytes,3,opt,name=Expires,stdtime" json:"expires,omitempty"` - // Format encodes the desired SSH Certificate format (either old ssh compatibility + // Format encodes the desired SSH Certificate format (either old ssh + // compatibility // format to remove some metadata causing trouble with old SSH servers) // or standard SSH cert format with custom extensions Format string `protobuf:"bytes,4,opt,name=Format,proto3" json:"format,omitempty"` @@ -786,7 +787,7 @@ func (m *UserCertsRequest) Reset() { *m = UserCertsRequest{} } func (m *UserCertsRequest) String() string { return proto.CompactTextString(m) } func (*UserCertsRequest) ProtoMessage() {} func (*UserCertsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_auth_a46564e9693c8eaf, []int{4} + return fileDescriptor_auth_8605baa7098e7332, []int{4} } func (m *UserCertsRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -872,7 +873,7 @@ func (m *GetUserRequest) Reset() { *m = GetUserRequest{} } func (m *GetUserRequest) String() string { return proto.CompactTextString(m) } func (*GetUserRequest) ProtoMessage() {} func (*GetUserRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_auth_a46564e9693c8eaf, []int{5} + return fileDescriptor_auth_8605baa7098e7332, []int{5} } func (m *GetUserRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -928,7 +929,7 @@ func (m *GetUsersRequest) Reset() { *m = GetUsersRequest{} } func (m *GetUsersRequest) String() string { return proto.CompactTextString(m) } func (*GetUsersRequest) ProtoMessage() {} func (*GetUsersRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_auth_a46564e9693c8eaf, []int{6} + return fileDescriptor_auth_8605baa7098e7332, []int{6} } func (m *GetUsersRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -976,7 +977,7 @@ func (m *AccessRequests) Reset() { *m = AccessRequests{} } func (m *AccessRequests) String() string { return proto.CompactTextString(m) } func (*AccessRequests) ProtoMessage() {} func (*AccessRequests) Descriptor() ([]byte, []int) { - return fileDescriptor_auth_a46564e9693c8eaf, []int{7} + return fileDescriptor_auth_8605baa7098e7332, []int{7} } func (m *AccessRequests) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1026,7 +1027,7 @@ func (m *RequestStateSetter) Reset() { *m = RequestStateSetter{} } func (m *RequestStateSetter) String() string { return proto.CompactTextString(m) } func (*RequestStateSetter) ProtoMessage() {} func (*RequestStateSetter) Descriptor() ([]byte, []int) { - return fileDescriptor_auth_a46564e9693c8eaf, []int{8} + return fileDescriptor_auth_8605baa7098e7332, []int{8} } func (m *RequestStateSetter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1081,7 +1082,7 @@ func (m *RequestID) Reset() { *m = RequestID{} } func (m *RequestID) String() string { return proto.CompactTextString(m) } func (*RequestID) ProtoMessage() {} func (*RequestID) Descriptor() ([]byte, []int) { - return fileDescriptor_auth_a46564e9693c8eaf, []int{9} + return fileDescriptor_auth_8605baa7098e7332, []int{9} } func (m *RequestID) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1131,7 +1132,7 @@ func (m *RotateResetPasswordTokenSecretsRequest) Reset() { func (m *RotateResetPasswordTokenSecretsRequest) String() string { return proto.CompactTextString(m) } func (*RotateResetPasswordTokenSecretsRequest) ProtoMessage() {} func (*RotateResetPasswordTokenSecretsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_auth_a46564e9693c8eaf, []int{10} + return fileDescriptor_auth_8605baa7098e7332, []int{10} } func (m *RotateResetPasswordTokenSecretsRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -1179,7 +1180,7 @@ func (m *GetResetPasswordTokenRequest) Reset() { *m = GetResetPasswordTo func (m *GetResetPasswordTokenRequest) String() string { return proto.CompactTextString(m) } func (*GetResetPasswordTokenRequest) ProtoMessage() {} func (*GetResetPasswordTokenRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_auth_a46564e9693c8eaf, []int{11} + return fileDescriptor_auth_8605baa7098e7332, []int{11} } func (m *GetResetPasswordTokenRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1215,7 +1216,8 @@ func (m *GetResetPasswordTokenRequest) GetTokenID() string { return "" } -// CreateResetPasswordTokenRequest is a request to create an instance of ResetPasswordToken +// CreateResetPasswordTokenRequest is a request to create an instance of +// ResetPasswordToken type CreateResetPasswordTokenRequest struct { // Name is the user name. Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"` @@ -1232,7 +1234,7 @@ func (m *CreateResetPasswordTokenRequest) Reset() { *m = CreateResetPass func (m *CreateResetPasswordTokenRequest) String() string { return proto.CompactTextString(m) } func (*CreateResetPasswordTokenRequest) ProtoMessage() {} func (*CreateResetPasswordTokenRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_auth_a46564e9693c8eaf, []int{12} + return fileDescriptor_auth_8605baa7098e7332, []int{12} } func (m *CreateResetPasswordTokenRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -1317,7 +1319,8 @@ type AuthServiceClient interface { WatchEvents(ctx context.Context, in *Watch, opts ...grpc.CallOption) (AuthService_WatchEventsClient, error) // UpsertNode upserts node UpsertNode(ctx context.Context, in *services.ServerV2, opts ...grpc.CallOption) (*services.KeepAlive, error) - // GenerateUserCerts generates a set of user certificates for use by `tctl auth sign`. + // GenerateUserCerts generates a set of user certificates for use by `tctl + // auth sign`. GenerateUserCerts(ctx context.Context, in *UserCertsRequest, opts ...grpc.CallOption) (*Certs, error) // GetUser gets a user resource by name. GetUser(ctx context.Context, in *GetUserRequest, opts ...grpc.CallOption) (*services.UserV2, error) @@ -1544,7 +1547,8 @@ type AuthServiceServer interface { WatchEvents(*Watch, AuthService_WatchEventsServer) error // UpsertNode upserts node UpsertNode(context.Context, *services.ServerV2) (*services.KeepAlive, error) - // GenerateUserCerts generates a set of user certificates for use by `tctl auth sign`. + // GenerateUserCerts generates a set of user certificates for use by `tctl + // auth sign`. GenerateUserCerts(context.Context, *UserCertsRequest) (*Certs, error) // GetUser gets a user resource by name. GetUser(context.Context, *GetUserRequest) (*services.UserV2, error) @@ -4890,9 +4894,9 @@ var ( ErrIntOverflowAuth = fmt.Errorf("proto: integer overflow") ) -func init() { proto.RegisterFile("auth.proto", fileDescriptor_auth_a46564e9693c8eaf) } +func init() { proto.RegisterFile("auth.proto", fileDescriptor_auth_8605baa7098e7332) } -var fileDescriptor_auth_a46564e9693c8eaf = []byte{ +var fileDescriptor_auth_8605baa7098e7332 = []byte{ // 1542 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x57, 0x41, 0x6f, 0xdb, 0xc6, 0x12, 0x36, 0x25, 0x4b, 0x96, 0x46, 0x8e, 0xa2, 0xac, 0x1d, 0x9b, 0x51, 0x1c, 0xd3, 0x90, 0x91, 
diff --git a/lib/auth/proto/auth.proto b/lib/auth/proto/auth.proto index 45d2869c260b3..aba7dff6d9f5e 100644 --- a/lib/auth/proto/auth.proto +++ b/lib/auth/proto/auth.proto @@ -15,9 +15,9 @@ option (gogoproto.goproto_getters_all) = true; enum Operation { // INIT is sent as a first sentinel event // on the watch channel - INIT = 0; + INIT = 0; // PUT identifies created or updated object - PUT = 1; + PUT = 1; // DELETE identifies deleted object DELETE = 2; } 
@@ -25,141 +25,152 @@ enum Operation { // Event returns cluster event message Event { // Operation identifies operation - Operation Type = 1 [(gogoproto.jsontag) = "type,omitempty"]; + Operation Type = 1 [ (gogoproto.jsontag) = "type,omitempty" ]; // Resource contains the updated resource oneof Resource { // ResourceHeader is specified in delete events, // the full object is not available, so resource // header is used to provide information about object type - services.ResourceHeader ResourceHeader = 2 [(gogoproto.jsontag) = "resource,omitempty"]; + services.ResourceHeader ResourceHeader = 2 [ (gogoproto.jsontag) = "resource,omitempty" ]; // CertAuthority is filled in certificate-authority related events - services.CertAuthorityV2 CertAuthority = 3 [(gogoproto.jsontag) = "cert_authority,omitempty"]; + services.CertAuthorityV2 CertAuthority = 3 + [ (gogoproto.jsontag) = "cert_authority,omitempty" ]; // StaticTokens is filled in static-tokens related events - services.StaticTokensV2 StaticTokens = 4 [(gogoproto.jsontag) = "static_tokens,omitempty"]; + services.StaticTokensV2 StaticTokens = 4 + [ (gogoproto.jsontag) = "static_tokens,omitempty" ]; // ProvisionToken is filled in provision-token related events - services.ProvisionTokenV2 ProvisionToken = 5 [(gogoproto.jsontag) = "provision_token,omitempty"]; + services.ProvisionTokenV2 ProvisionToken = 5 + [ (gogoproto.jsontag) = "provision_token,omitempty" ]; // ClusterNameV2 is a cluster name resource - services.ClusterNameV2 ClusterName = 6 [(gogoproto.jsontag) = "cluster_name,omitempty"]; + services.ClusterNameV2 ClusterName = 6 [ (gogoproto.jsontag) = "cluster_name,omitempty" ]; // ClusterConfig is a cluster configuration resource - services.ClusterConfigV3 ClusterConfig = 7 [(gogoproto.jsontag) = "cluster_config,omitempty"]; + services.ClusterConfigV3 ClusterConfig = 7 + [ (gogoproto.jsontag) = "cluster_config,omitempty" ]; // User is a user resource - services.UserV2 User = 8 [(gogoproto.jsontag) = 
"user,omitempty"]; + services.UserV2 User = 8 [ (gogoproto.jsontag) = "user,omitempty" ]; // Role is a role resource - services.RoleV3 Role = 9 [(gogoproto.jsontag) = "role,omitempty"]; + services.RoleV3 Role = 9 [ (gogoproto.jsontag) = "role,omitempty" ]; // Namespace is a namespace resource - services.Namespace Namespace = 10 [(gogoproto.jsontag) = "namespace,omitempty"]; + services.Namespace Namespace = 10 [ (gogoproto.jsontag) = "namespace,omitempty" ]; // Server is a node or proxy resource - services.ServerV2 Server = 11 [(gogoproto.jsontag) = "server,omitempty"]; + services.ServerV2 Server = 11 [ (gogoproto.jsontag) = "server,omitempty" ]; // ReverseTunnel is a resource with reverse tunnel - services.ReverseTunnelV2 ReverseTunnel = 12 [(gogoproto.jsontag) = "reverse_tunnel,omitempty"]; + services.ReverseTunnelV2 ReverseTunnel = 12 + [ (gogoproto.jsontag) = "reverse_tunnel,omitempty" ]; // TunnelConnection is a resource for tunnel connnections - services.TunnelConnectionV2 TunnelConnection = 13 [(gogoproto.jsontag) = "tunnel_connection,omitempty"]; + services.TunnelConnectionV2 TunnelConnection = 13 + [ (gogoproto.jsontag) = "tunnel_connection,omitempty" ]; // AccessRequest is a resource for access requests - services.AccessRequestV3 AccessRequest = 14 [(gogoproto.jsontag) = "access_request,omitempty"]; + services.AccessRequestV3 AccessRequest = 14 + [ (gogoproto.jsontag) = "access_request,omitempty" ]; } } // Watch specifies watch parameters message Watch { // Kinds specifies object kinds to watch - repeated WatchKind Kinds = 1 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "kinds,omitempty"]; + repeated WatchKind Kinds = 1 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "kinds,omitempty" ]; } // WatchKind specifies resource kind to watch message WatchKind { // Kind is a resource kind to watch - string Kind = 1 [(gogoproto.jsontag) = "kind"]; + string Kind = 1 [ (gogoproto.jsontag) = "kind" ]; // LoadSecrets specifies whether to load secrets - 
bool LoadSecrets = 2 [(gogoproto.jsontag) = "load_secrets"]; + bool LoadSecrets = 2 [ (gogoproto.jsontag) = "load_secrets" ]; // Name is an optional specific resource type to watch, // if specified only the events with a specific resource // name will be sent - string Name = 3 [(gogoproto.jsontag) = "name"]; + string Name = 3 [ (gogoproto.jsontag) = "name" ]; // Filter is an optional mapping of custom filter parameters. // Valid values vary by resource kind. - map Filter = 4 [(gogoproto.jsontag) = "filter,omitempty"]; + map Filter = 4 [ (gogoproto.jsontag) = "filter,omitempty" ]; } // Set of certificates corresponding to a single public key. message Certs { // SSH X509 cert (PEM-encoded). - bytes SSH = 1 [(gogoproto.jsontag) = "ssh,omitempty"]; + bytes SSH = 1 [ (gogoproto.jsontag) = "ssh,omitempty" ]; // TLS X509 cert (PEM-encoded). - bytes TLS = 2 [(gogoproto.jsontag) = "tls,omitempty"]; + bytes TLS = 2 [ (gogoproto.jsontag) = "tls,omitempty" ]; } // UserCertRequest specifies certificate-generation parameters // for a user. message UserCertsRequest { // PublicKey is a public key to be signed. - bytes PublicKey = 1 [(gogoproto.jsontag) = "public_key"]; + bytes PublicKey = 1 [ (gogoproto.jsontag) = "public_key" ]; // Username of key owner. 
- string Username = 2 [(gogoproto.jsontag) = "username"]; - // Expires is a desired time of the expiry of the certificate, could + string Username = 2 [ (gogoproto.jsontag) = "username" ]; + // Expires is a desired time of the expiry of the certificate, could // be adjusted based on the permissions - google.protobuf.Timestamp Expires = 3 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false, (gogoproto.jsontag) = "expires,omitempty"]; - // Format encodes the desired SSH Certificate format (either old ssh compatibility + google.protobuf.Timestamp Expires = 3 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires,omitempty" + ]; + // Format encodes the desired SSH Certificate format (either old ssh + // compatibility // format to remove some metadata causing trouble with old SSH servers) // or standard SSH cert format with custom extensions - string Format = 4 [(gogoproto.jsontag) = "format,omitempty"]; + string Format = 4 [ (gogoproto.jsontag) = "format,omitempty" ]; // RouteToCluster is an optional cluster name to add to the certificate, // so that requests originating with this certificate will be redirected // to this cluster - string RouteToCluster = 5 [(gogoproto.jsontag) = "route_to_cluster,omitempty"]; + string RouteToCluster = 5 [ (gogoproto.jsontag) = "route_to_cluster,omitempty" ]; // AccessRequests is an optional list of request IDs indicating requests whose // escalated privileges should be added to the certificate. - repeated string AccessRequests = 6 [(gogoproto.jsontag) = "access_requests,omitempty"]; + repeated string AccessRequests = 6 [ (gogoproto.jsontag) = "access_requests,omitempty" ]; } // GetUserRequest specifies parameters for the GetUser method. message GetUserRequest { // Name is the name of the desired user. - string Name = 1 [(gogoproto.jsontag) = "name"]; + string Name = 1 [ (gogoproto.jsontag) = "name" ]; // WithSecrets specifies whether to load associated secrets. 
- bool WithSecrets = 2 [(gogoproto.jsontag) = "with_secrets,omitempty"]; + bool WithSecrets = 2 [ (gogoproto.jsontag) = "with_secrets,omitempty" ]; } // GetUsersRequest specifies parameters for the GetUsers method. message GetUsersRequest { // WithSecrets specifies whether to load associated secrets. - bool WithSecrets = 1 [(gogoproto.jsontag) = "with_secrets"]; + bool WithSecrets = 1 [ (gogoproto.jsontag) = "with_secrets" ]; } // AccessRequests is a collection of AccessRequest values. message AccessRequests { - repeated services.AccessRequestV3 AccessRequests = 1 [(gogoproto.jsontag) = "access_requests"]; + repeated services.AccessRequestV3 AccessRequests = 1 + [ (gogoproto.jsontag) = "access_requests" ]; } // RequestStateSetter encodes the paramters necessary to update the // state of a privilege escalation request. message RequestStateSetter { - string ID = 1 [(gogoproto.jsontag) = "id"]; - services.RequestState State = 2 [(gogoproto.jsontag) = "state"]; + string ID = 1 [ (gogoproto.jsontag) = "id" ]; + services.RequestState State = 2 [ (gogoproto.jsontag) = "state" ]; } // RequestID is the unique identifier of an access request. -message RequestID { - string ID = 1 [(gogoproto.jsontag) = "id"]; -} +message RequestID { string ID = 1 [ (gogoproto.jsontag) = "id" ]; } // RotateResetPasswordTokenSecretsRequest is a request to rotate token secrets. message RotateResetPasswordTokenSecretsRequest { - string TokenID = 1 [(gogoproto.jsontag) = "token"]; + string TokenID = 1 [ (gogoproto.jsontag) = "token" ]; } // GetResetPasswordTokenRequest is a request to get a reset password token. 
-message GetResetPasswordTokenRequest { - string TokenID = 1 [(gogoproto.jsontag) = "token"]; -} +message GetResetPasswordTokenRequest { string TokenID = 1 [ (gogoproto.jsontag) = "token" ]; } -// CreateResetPasswordTokenRequest is a request to create an instance of ResetPasswordToken +// CreateResetPasswordTokenRequest is a request to create an instance of +// ResetPasswordToken message CreateResetPasswordTokenRequest { // Name is the user name. - string Name = 1 [(gogoproto.jsontag) = "name"]; + string Name = 1 [ (gogoproto.jsontag) = "name" ]; // Type is a token type. - string Type = 2 [(gogoproto.jsontag) = "type"]; + string Type = 2 [ (gogoproto.jsontag) = "type" ]; // TTL specifies how long the generated token is valid for. - int64 TTL = 3 [(gogoproto.jsontag) = "ttl", (gogoproto.casttype) = "Duration"]; + int64 TTL = 3 [ (gogoproto.jsontag) = "ttl", (gogoproto.casttype) = "Duration" ]; } // AuthService is authentication/authorization service implementation @@ -170,7 +181,8 @@ service AuthService { rpc WatchEvents(Watch) returns (stream Event); // UpsertNode upserts node rpc UpsertNode(services.ServerV2) returns (services.KeepAlive); - // GenerateUserCerts generates a set of user certificates for use by `tctl auth sign`. + // GenerateUserCerts generates a set of user certificates for use by `tctl + // auth sign`. rpc GenerateUserCerts(UserCertsRequest) returns (Certs); // GetUser gets a user resource by name. rpc GetUser(GetUserRequest) returns (services.UserV2); 
@@ -185,9 +197,11 @@ service AuthService { // SetAccessRequestState sets the state of an access request. rpc SetAccessRequestState(RequestStateSetter) returns (google.protobuf.Empty); // RotateResetPasswordTokenSecrets rotates token secrets for a given tokenID. - rpc RotateResetPasswordTokenSecrets(RotateResetPasswordTokenSecretsRequest) returns (services.ResetPasswordTokenSecretsV3); + rpc RotateResetPasswordTokenSecrets(RotateResetPasswordTokenSecretsRequest) + returns (services.ResetPasswordTokenSecretsV3); // GetResetPasswordToken returns a token. rpc GetResetPasswordToken(GetResetPasswordTokenRequest) returns (services.ResetPasswordTokenV3); // CreateResetPasswordToken creates ResetPasswordToken. - rpc CreateResetPasswordToken(CreateResetPasswordTokenRequest) returns (services.ResetPasswordTokenV3); + rpc CreateResetPasswordToken(CreateResetPasswordTokenRequest) + returns (services.ResetPasswordTokenV3); } \ No newline at end of file diff --git a/lib/events/slice.pb.go b/lib/events/slice.pb.go index 7fb71eeb0749a..c2111b014f498 100644 --- a/lib/events/slice.pb.go +++ b/lib/events/slice.pb.go @@ -43,7 +43,7 @@ func (m *SessionSlice) Reset() { *m = SessionSlice{} } func (m *SessionSlice) String() string { return proto.CompactTextString(m) } func (*SessionSlice) ProtoMessage() {} func (*SessionSlice) Descriptor() ([]byte, []int) { - return fileDescriptor_slice_c27e90ee7997b6d0, []int{0} + return fileDescriptor_slice_fde4e6ff9bad9f4f, []int{0} } func (m *SessionSlice) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -104,7 +104,8 @@ func (m *SessionSlice) GetVersion() int64 { type SessionChunk struct { // Time is the occurence of this event Time int64 `protobuf:"varint,2,opt,name=Time,proto3" json:"Time,omitempty"` - // Data is captured data, contains event fields in case of event, session data otherwise + // Data is captured data, contains event fields in case of event, session data + // otherwise Data []byte `protobuf:"bytes,3,opt,name=Data,proto3" json:"Data,omitempty"` // EventType is event type EventType string `protobuf:"bytes,4,opt,name=EventType,proto3" json:"EventType,omitempty"` @@ -125,7 +126,7 @@ func (m *SessionChunk) Reset() { *m = SessionChunk{} } func (m *SessionChunk) String() string { return proto.CompactTextString(m) } func (*SessionChunk) ProtoMessage() {} func (*SessionChunk) Descriptor() ([]byte, []int) { - return fileDescriptor_slice_c27e90ee7997b6d0, []int{1} + return fileDescriptor_slice_fde4e6ff9bad9f4f, []int{1} } func (m *SessionChunk) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -972,9 +973,9 @@ var ( ErrIntOverflowSlice = fmt.Errorf("proto: integer overflow") ) -func init() { proto.RegisterFile("slice.proto", fileDescriptor_slice_c27e90ee7997b6d0) } +func init() { proto.RegisterFile("slice.proto", fileDescriptor_slice_fde4e6ff9bad9f4f) } -var fileDescriptor_slice_c27e90ee7997b6d0 = []byte{ +var fileDescriptor_slice_fde4e6ff9bad9f4f = []byte{ // 329 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x5c, 0x91, 0xc1, 0x4e, 0xc2, 0x40, 0x10, 0x86, 0x59, 0x0b, 0x05, 0x16, 0x0e, 0x66, 0x43, 0xc8, 0x06, 0x4d, 0xd3, 0x70, 0xea, 0xc1, diff --git a/lib/events/slice.proto b/lib/events/slice.proto index 3b32d1be95a6f..c072cc69bb973 100644 --- a/lib/events/slice.proto +++ b/lib/events/slice.proto 
@@ -12,28 +12,28 @@ message SessionSlice { // Chunks is a list of submitted session chunks repeated SessionChunk Chunks = 3; // Version specifies session slice version - int64 Version = 4; + int64 Version = 4; } // SessionChunk is a chunk to be posted in the context of the session message SessionChunk { // Time is the occurence of this event - int64 Time = 2; - // Data is captured data, contains event fields in case of event, session data otherwise + int64 Time = 2; + // Data is captured data, contains event fields in case of event, session data + // otherwise bytes Data = 3; // EventType is event type - string EventType = 4; + string EventType = 4; // EventIndex is the event global index - int64 EventIndex = 5; + int64 EventIndex = 5; // Index is the autoincremented chunk index int64 ChunkIndex = 6; // Offset is an offset from the previous chunk in bytes - int64 Offset = 7; + int64 Offset = 7; // Delay is a delay from the previous event in milliseconds int64 Delay = 8; } service AuditLog { - rpc SubmitSessionSlice(stream SessionSlice) returns (google.protobuf.Empty) { - } + rpc SubmitSessionSlice(stream SessionSlice) returns (google.protobuf.Empty) {} } diff --git a/lib/services/types.pb.go b/lib/services/types.pb.go index 4571185474357..4655c98568147 100644 --- a/lib/services/types.pb.go +++ b/lib/services/types.pb.go @@ -64,7 +64,7 @@ func (x RequestState) String() string { return proto.EnumName(RequestState_name, int32(x)) } func (RequestState) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{0} + return fileDescriptor_types_62fad942422eb27d, []int{0} } type KeepAlive struct { 
@@ -85,7 +85,7 @@ func (m *KeepAlive) Reset() { *m = KeepAlive{} } func (m *KeepAlive) String() string { return proto.CompactTextString(m) } func (*KeepAlive) ProtoMessage() {} func (*KeepAlive) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{0} + return fileDescriptor_types_62fad942422eb27d, []int{0} } func (m *KeepAlive) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -125,7 +125,8 @@ type Metadata struct { Description string `protobuf:"bytes,3,opt,name=Description,proto3" json:"description,omitempty"` // Labels is a set of labels Labels map[string]string `protobuf:"bytes,5,rep,name=Labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Expires is a global expiry time header can be set on any resource in the system. + // Expires is a global expiry time header can be set on any resource in the + // system. Expires *time.Time `protobuf:"bytes,6,opt,name=Expires,stdtime" json:"expires,omitempty"` // ID is a record ID ID int64 `protobuf:"varint,7,opt,name=ID,proto3" json:"id,omitempty"` @@ -138,7 +139,7 @@ func (m *Metadata) Reset() { *m = Metadata{} } func (m *Metadata) String() string { return proto.CompactTextString(m) } func (*Metadata) ProtoMessage() {} func (*Metadata) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{1} + return fileDescriptor_types_62fad942422eb27d, []int{1} } func (m *Metadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -197,7 +198,7 @@ type Rotation struct { func (m *Rotation) Reset() { *m = Rotation{} } func (*Rotation) ProtoMessage() {} func (*Rotation) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{2} + return fileDescriptor_types_62fad942422eb27d, []int{2} } func (m *Rotation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -244,7 +245,7 @@ func (m *RotationSchedule) Reset() { *m = RotationSchedule{} } func (m *RotationSchedule) String() string { return proto.CompactTextString(m) } func (*RotationSchedule) ProtoMessage() {} func (*RotationSchedule) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{3} + return fileDescriptor_types_62fad942422eb27d, []int{3} } func (m *RotationSchedule) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -293,7 +294,7 @@ func (m *ResourceHeader) Reset() { *m = ResourceHeader{} } func (m *ResourceHeader) String() string { return proto.CompactTextString(m) } func (*ResourceHeader) ProtoMessage() {} func (*ResourceHeader) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{4} + return fileDescriptor_types_62fad942422eb27d, []int{4} } func (m *ResourceHeader) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -342,7 +343,7 @@ type ServerV2 struct { func (m *ServerV2) Reset() { *m = ServerV2{} } func (*ServerV2) ProtoMessage() {} func (*ServerV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{5} + return fileDescriptor_types_62fad942422eb27d, []int{5} } func (m *ServerV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -395,7 +396,7 @@ func (m *ServerSpecV2) Reset() { *m = ServerSpecV2{} } func (m *ServerSpecV2) String() string { return proto.CompactTextString(m) } func (*ServerSpecV2) ProtoMessage() {} func (*ServerSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{6} + return fileDescriptor_types_62fad942422eb27d, []int{6} } func (m *ServerSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -442,7 +443,7 @@ func (m *CommandLabelV2) Reset() { *m = CommandLabelV2{} } func (m *CommandLabelV2) String() string { return proto.CompactTextString(m) } func (*CommandLabelV2) ProtoMessage() {} func (*CommandLabelV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{7} + return fileDescriptor_types_62fad942422eb27d, []int{7} } func (m *CommandLabelV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -486,7 +487,7 @@ func (m *TLSKeyPair) Reset() { *m = TLSKeyPair{} } func (m *TLSKeyPair) String() string { return proto.CompactTextString(m) } func (*TLSKeyPair) ProtoMessage() {} func (*TLSKeyPair) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{8} + return fileDescriptor_types_62fad942422eb27d, []int{8} } func (m *TLSKeyPair) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -535,7 +536,7 @@ type CertAuthorityV2 struct { func (m *CertAuthorityV2) Reset() { *m = CertAuthorityV2{} } func (*CertAuthorityV2) ProtoMessage() {} func (*CertAuthorityV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{9} + return fileDescriptor_types_62fad942422eb27d, []int{9} } func (m *CertAuthorityV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -598,7 +599,7 @@ func (m *CertAuthoritySpecV2) Reset() { *m = CertAuthoritySpecV2{} } func (m *CertAuthoritySpecV2) String() string { return proto.CompactTextString(m) } func (*CertAuthoritySpecV2) ProtoMessage() {} func (*CertAuthoritySpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{10} + return fileDescriptor_types_62fad942422eb27d, []int{10} } func (m *CertAuthoritySpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -643,7 +644,7 @@ func (m *RoleMapping) Reset() { *m = RoleMapping{} } func (m *RoleMapping) String() string { return proto.CompactTextString(m) } func (*RoleMapping) ProtoMessage() {} func (*RoleMapping) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{11} + return fileDescriptor_types_62fad942422eb27d, []int{11} } func (m *RoleMapping) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -678,7 +679,8 @@ type ProvisionTokenV1 struct { // that will be converted to metadata in the SSH and X509 // certificates issued to the user of the token Roles []github_com_gravitational_teleport.Role `protobuf:"bytes,1,rep,name=Roles,casttype=github.com/gravitational/teleport.Role" json:"roles"` - // Expires is a global expiry time header can be set on any resource in the system. + // Expires is a global expiry time header can be set on any resource in the + // system. Expires time.Time `protobuf:"bytes,2,opt,name=Expires,stdtime" json:"expires,omitempty"` // Token is a token name Token string `protobuf:"bytes,3,opt,name=Token,proto3" json:"token"` @@ -690,7 +692,7 @@ type ProvisionTokenV1 struct { func (m *ProvisionTokenV1) Reset() { *m = ProvisionTokenV1{} } func (*ProvisionTokenV1) ProtoMessage() {} func (*ProvisionTokenV1) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{12} + return fileDescriptor_types_62fad942422eb27d, []int{12} } func (m *ProvisionTokenV1) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -739,7 +741,7 @@ type ProvisionTokenV2 struct { func (m *ProvisionTokenV2) Reset() { *m = ProvisionTokenV2{} } func (*ProvisionTokenV2) ProtoMessage() {} func (*ProvisionTokenV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{13} + return fileDescriptor_types_62fad942422eb27d, []int{13} } func (m *ProvisionTokenV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -783,7 +785,7 @@ func (m *ProvisionTokenSpecV2) Reset() { *m = ProvisionTokenSpecV2{} } func (m *ProvisionTokenSpecV2) String() string { return proto.CompactTextString(m) } func (*ProvisionTokenSpecV2) ProtoMessage() {} func (*ProvisionTokenSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{14} + return fileDescriptor_types_62fad942422eb27d, []int{14} } func (m *ProvisionTokenSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -832,7 +834,7 @@ type StaticTokensV2 struct { func (m *StaticTokensV2) Reset() { *m = StaticTokensV2{} } func (*StaticTokensV2) ProtoMessage() {} func (*StaticTokensV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{15} + return fileDescriptor_types_62fad942422eb27d, []int{15} } func (m *StaticTokensV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -875,7 +877,7 @@ func (m *StaticTokensSpecV2) Reset() { *m = StaticTokensSpecV2{} } func (m *StaticTokensSpecV2) String() string { return proto.CompactTextString(m) } func (*StaticTokensSpecV2) ProtoMessage() {} func (*StaticTokensSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{16} + return fileDescriptor_types_62fad942422eb27d, []int{16} } func (m *StaticTokensSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -924,7 +926,7 @@ type ClusterNameV2 struct { func (m *ClusterNameV2) Reset() { *m = ClusterNameV2{} } func (*ClusterNameV2) ProtoMessage() {} func (*ClusterNameV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{17} + return fileDescriptor_types_62fad942422eb27d, []int{17} } func (m *ClusterNameV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -967,7 +969,7 @@ func (m *ClusterNameSpecV2) Reset() { *m = ClusterNameSpecV2{} } func (m *ClusterNameSpecV2) String() string { return proto.CompactTextString(m) } func (*ClusterNameSpecV2) ProtoMessage() {} func (*ClusterNameSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{18} + return fileDescriptor_types_62fad942422eb27d, []int{18} } func (m *ClusterNameSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1016,7 +1018,7 @@ type ClusterConfigV3 struct { func (m *ClusterConfigV3) Reset() { *m = ClusterConfigV3{} } func (*ClusterConfigV3) ProtoMessage() {} func (*ClusterConfigV3) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{19} + return fileDescriptor_types_62fad942422eb27d, []int{19} } func (m *ClusterConfigV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1057,7 +1059,8 @@ type ClusterConfigSpecV3 struct { ProxyChecksHostKeys string `protobuf:"bytes,3,opt,name=ProxyChecksHostKeys,proto3" json:"proxy_checks_host_keys"` // Audit is a section with audit config Audit AuditConfig `protobuf:"bytes,4,opt,name=Audit" json:"audit"` - // ClientIdleTimeout sets global cluster default setting for client idle timeouts + // ClientIdleTimeout sets global cluster default setting for client idle + // timeouts ClientIdleTimeout Duration `protobuf:"varint,5,opt,name=ClientIdleTimeout,proto3,casttype=Duration" json:"client_idle_timeout"` // DisconnectExpiredCert provides disconnect expired certificate setting - // if true, connections with expired client certificates will get disconnected 
@@ -1065,7 +1068,8 @@ type ClusterConfigSpecV3 struct { // KeepAliveInterval is the interval the server sends keep-alive messsages // to the client at. KeepAliveInterval Duration `protobuf:"varint,7,opt,name=KeepAliveInterval,proto3,casttype=Duration" json:"keep_alive_interval"` - // KeepAliveCountMax is the number of keep-alive messages that can be missed before + // KeepAliveCountMax is the number of keep-alive messages that can be missed + // before // the server disconnects the connection to the client. KeepAliveCountMax int64 `protobuf:"varint,8,opt,name=KeepAliveCountMax,proto3" json:"keep_alive_count_max"` // LocalAuth is true if local authentication is enabled. @@ -1079,7 +1083,7 @@ func (m *ClusterConfigSpecV3) Reset() { *m = ClusterConfigSpecV3{} } func (m *ClusterConfigSpecV3) String() string { return proto.CompactTextString(m) } func (*ClusterConfigSpecV3) ProtoMessage() {} func (*ClusterConfigSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{20} + return fileDescriptor_types_62fad942422eb27d, []int{20} } func (m *ClusterConfigSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1132,7 +1136,7 @@ func (m *AuditConfig) Reset() { *m = AuditConfig{} } func (m *AuditConfig) String() string { return proto.CompactTextString(m) } func (*AuditConfig) ProtoMessage() {} func (*AuditConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{21} + return fileDescriptor_types_62fad942422eb27d, []int{21} } func (m *AuditConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -1182,7 +1186,7 @@ func (m *Namespace) Reset() { *m = Namespace{} } func (m *Namespace) String() string { return proto.CompactTextString(m) } func (*Namespace) ProtoMessage() {} func (*Namespace) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{22} + return fileDescriptor_types_62fad942422eb27d, []int{22} } func (m *Namespace) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1222,7 +1226,7 @@ func (m *NamespaceSpec) Reset() { *m = NamespaceSpec{} } func (m *NamespaceSpec) String() string { return proto.CompactTextString(m) } func (*NamespaceSpec) ProtoMessage() {} func (*NamespaceSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{23} + return fileDescriptor_types_62fad942422eb27d, []int{23} } func (m *NamespaceSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1270,7 +1274,7 @@ type ResetPasswordTokenV3 struct { func (m *ResetPasswordTokenV3) Reset() { *m = ResetPasswordTokenV3{} } func (*ResetPasswordTokenV3) ProtoMessage() {} func (*ResetPasswordTokenV3) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{24} + return fileDescriptor_types_62fad942422eb27d, []int{24} } func (m *ResetPasswordTokenV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1315,7 +1319,7 @@ func (m *ResetPasswordTokenSpecV3) Reset() { *m = ResetPasswordTokenSpec func (m *ResetPasswordTokenSpecV3) String() string { return proto.CompactTextString(m) } func (*ResetPasswordTokenSpecV3) ProtoMessage() {} func (*ResetPasswordTokenSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{25} + return fileDescriptor_types_62fad942422eb27d, []int{25} } func (m *ResetPasswordTokenSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -1363,7 +1367,7 @@ type ResetPasswordTokenSecretsV3 struct { func (m *ResetPasswordTokenSecretsV3) Reset() { *m = ResetPasswordTokenSecretsV3{} } func (*ResetPasswordTokenSecretsV3) ProtoMessage() {} func (*ResetPasswordTokenSecretsV3) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{26} + return fileDescriptor_types_62fad942422eb27d, []int{26} } func (m *ResetPasswordTokenSecretsV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1408,7 +1412,7 @@ func (m *ResetPasswordTokenSecretsSpecV3) Reset() { *m = ResetPasswordTo func (m *ResetPasswordTokenSecretsSpecV3) String() string { return proto.CompactTextString(m) } func (*ResetPasswordTokenSecretsSpecV3) ProtoMessage() {} func (*ResetPasswordTokenSecretsSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{27} + return fileDescriptor_types_62fad942422eb27d, []int{27} } func (m *ResetPasswordTokenSecretsSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1457,7 +1461,7 @@ type AccessRequestV3 struct { func (m *AccessRequestV3) Reset() { *m = AccessRequestV3{} } func (*AccessRequestV3) ProtoMessage() {} func (*AccessRequestV3) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{28} + return fileDescriptor_types_62fad942422eb27d, []int{28} } func (m *AccessRequestV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -1494,9 +1498,11 @@ type AccessRequestSpecV3 struct { Roles []string `protobuf:"bytes,2,rep,name=Roles" json:"roles"` // State is the current state of this access request. State RequestState `protobuf:"varint,3,opt,name=State,proto3,enum=services.RequestState" json:"state,omitempty"` - // Created encodes the time at which the request was registered with the auth server. + // Created encodes the time at which the request was registered with the auth + // server. Created time.Time `protobuf:"bytes,4,opt,name=Created,stdtime" json:"created,omitempty"` - // Expires constrains the maximum lifetime of any login session for which this request is active. + // Expires constrains the maximum lifetime of any login session for which this + // request is active. Expires time.Time `protobuf:"bytes,5,opt,name=Expires,stdtime" json:"expires,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` @@ -1507,7 +1513,7 @@ func (m *AccessRequestSpecV3) Reset() { *m = AccessRequestSpecV3{} } func (m *AccessRequestSpecV3) String() string { return proto.CompactTextString(m) } func (*AccessRequestSpecV3) ProtoMessage() {} func (*AccessRequestSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{29} + return fileDescriptor_types_62fad942422eb27d, []int{29} } func (m *AccessRequestSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1553,7 +1559,7 @@ func (m *AccessRequestFilter) Reset() { *m = AccessRequestFilter{} } func (m *AccessRequestFilter) String() string { return proto.CompactTextString(m) } func (*AccessRequestFilter) ProtoMessage() {} func (*AccessRequestFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{30} + return fileDescriptor_types_62fad942422eb27d, []int{30} } func (m *AccessRequestFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -1602,7 +1608,7 @@ type RoleV3 struct { func (m *RoleV3) Reset() { *m = RoleV3{} } func (*RoleV3) ProtoMessage() {} func (*RoleV3) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{31} + return fileDescriptor_types_62fad942422eb27d, []int{31} } func (m *RoleV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1637,7 +1643,8 @@ type RoleSpecV3 struct { Options RoleOptions `protobuf:"bytes,1,opt,name=Options" json:"options,omitempty"` // Allow is the set of conditions evaluated to grant access. Allow RoleConditions `protobuf:"bytes,2,opt,name=Allow" json:"allow,omitempty"` - // Deny is the set of conditions evaluated to deny access. Deny takes priority over allow. + // Deny is the set of conditions evaluated to deny access. Deny takes priority + // over allow. Deny RoleConditions `protobuf:"bytes,3,opt,name=Deny" json:"deny,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` @@ -1648,7 +1655,7 @@ func (m *RoleSpecV3) Reset() { *m = RoleSpecV3{} } func (m *RoleSpecV3) String() string { return proto.CompactTextString(m) } func (*RoleSpecV3) ProtoMessage() {} func (*RoleSpecV3) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{32} + return fileDescriptor_types_62fad942422eb27d, []int{32} } func (m *RoleSpecV3) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -1683,7 +1690,8 @@ type RoleOptions struct { ForwardAgent Bool `protobuf:"varint,1,opt,name=ForwardAgent,proto3,casttype=Bool" json:"forward_agent"` // MaxSessionTTL defines how long a SSH session can last for. MaxSessionTTL Duration `protobuf:"varint,2,opt,name=MaxSessionTTL,proto3,casttype=Duration" json:"max_session_ttl,omitempty"` - // PortForwarding defines if the certificate will have "permit-port-forwarding" + // PortForwarding defines if the certificate will have + // "permit-port-forwarding" // in the certificate. PortForwarding is "yes" if not set, // that's why this is a pointer PortForwarding *BoolOption `protobuf:"bytes,3,opt,name=PortForwarding,customtype=BoolOption" json:"port_forwarding,omitempty"` @@ -1707,7 +1715,7 @@ func (m *RoleOptions) Reset() { *m = RoleOptions{} } func (m *RoleOptions) String() string { return proto.CompactTextString(m) } func (*RoleOptions) ProtoMessage() {} func (*RoleOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{33} + return fileDescriptor_types_62fad942422eb27d, []int{33} } func (m *RoleOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1744,7 +1752,8 @@ type RoleConditions struct { // Namespaces is a list of namespaces (used to partition a cluster). The // field should be called "namespaces" when it returns in Teleport 2.4. Namespaces []string `protobuf:"bytes,2,rep,name=Namespaces" json:"-"` - // NodeLabels is a map of node labels (used to dynamically grant access to nodes). + // NodeLabels is a map of node labels (used to dynamically grant access to + // nodes). NodeLabels Labels `protobuf:"bytes,3,opt,name=NodeLabels,customtype=Labels" json:"node_labels,omitempty"` // Rules is a list of rules and their access levels. Rules are a high level // construct used for access control. 
@@ -1761,7 +1770,7 @@ func (m *RoleConditions) Reset() { *m = RoleConditions{} } func (m *RoleConditions) String() string { return proto.CompactTextString(m) } func (*RoleConditions) ProtoMessage() {} func (*RoleConditions) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{34} + return fileDescriptor_types_62fad942422eb27d, []int{34} } func (m *RoleConditions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1790,7 +1799,8 @@ func (m *RoleConditions) XXX_DiscardUnknown() { var xxx_messageInfo_RoleConditions proto.InternalMessageInfo -// AccessRequestConditions is a matcher for allow/deny restrictions on access-requests. +// AccessRequestConditions is a matcher for allow/deny restrictions on +// access-requests. type AccessRequestConditions struct { // Roles is the name of roles which will match the request rule. Roles []string `protobuf:"bytes,1,rep,name=Roles" json:"roles,omitempty"` @@ -1803,7 +1813,7 @@ func (m *AccessRequestConditions) Reset() { *m = AccessRequestConditions func (m *AccessRequestConditions) String() string { return proto.CompactTextString(m) } func (*AccessRequestConditions) ProtoMessage() {} func (*AccessRequestConditions) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{35} + return fileDescriptor_types_62fad942422eb27d, []int{35} } func (m *AccessRequestConditions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1852,7 +1862,7 @@ func (m *Rule) Reset() { *m = Rule{} } func (m *Rule) String() string { return proto.CompactTextString(m) } func (*Rule) ProtoMessage() {} func (*Rule) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{36} + return fileDescriptor_types_62fad942422eb27d, []int{36} } func (m *Rule) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -1894,7 +1904,7 @@ func (m *BoolValue) Reset() { *m = BoolValue{} } func (m *BoolValue) String() string { return proto.CompactTextString(m) } func (*BoolValue) ProtoMessage() {} func (*BoolValue) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{37} + return fileDescriptor_types_62fad942422eb27d, []int{37} } func (m *BoolValue) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1943,7 +1953,7 @@ type UserV2 struct { func (m *UserV2) Reset() { *m = UserV2{} } func (*UserV2) ProtoMessage() {} func (*UserV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{38} + return fileDescriptor_types_62fad942422eb27d, []int{38} } func (m *UserV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1995,7 +2005,8 @@ type UserSpecV2 struct { Expires time.Time `protobuf:"bytes,7,opt,name=Expires,stdtime" json:"expires"` // CreatedBy holds information about agent or person created this user CreatedBy CreatedBy `protobuf:"bytes,8,opt,name=CreatedBy" json:"created_by,omitempty"` - // LocalAuths hold sensitive data necessary for performing local authentication + // LocalAuths hold sensitive data necessary for performing local + // authentication LocalAuth *LocalAuthSecrets `protobuf:"bytes,9,opt,name=LocalAuth" json:"local_auth,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` @@ -2006,7 +2017,7 @@ func (m *UserSpecV2) Reset() { *m = UserSpecV2{} } func (m *UserSpecV2) String() string { return proto.CompactTextString(m) } func (*UserSpecV2) ProtoMessage() {} func (*UserSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{39} + return fileDescriptor_types_62fad942422eb27d, []int{39} } func (m *UserSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -2051,7 +2062,7 @@ type ExternalIdentity struct { func (m *ExternalIdentity) Reset() { *m = ExternalIdentity{} } func (*ExternalIdentity) ProtoMessage() {} func (*ExternalIdentity) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{40} + return fileDescriptor_types_62fad942422eb27d, []int{40} } func (m *ExternalIdentity) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2099,7 +2110,7 @@ func (m *LoginStatus) Reset() { *m = LoginStatus{} } func (m *LoginStatus) String() string { return proto.CompactTextString(m) } func (*LoginStatus) ProtoMessage() {} func (*LoginStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{41} + return fileDescriptor_types_62fad942422eb27d, []int{41} } func (m *LoginStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2144,7 +2155,7 @@ type CreatedBy struct { func (m *CreatedBy) Reset() { *m = CreatedBy{} } func (*CreatedBy) ProtoMessage() {} func (*CreatedBy) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{42} + return fileDescriptor_types_62fad942422eb27d, []int{42} } func (m *CreatedBy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2190,7 +2201,7 @@ func (m *U2FRegistrationData) Reset() { *m = U2FRegistrationData{} } func (m *U2FRegistrationData) String() string { return proto.CompactTextString(m) } func (*U2FRegistrationData) ProtoMessage() {} func (*U2FRegistrationData) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{43} + return fileDescriptor_types_62fad942422eb27d, []int{43} } func (m *U2FRegistrationData) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -2227,7 +2238,8 @@ type LocalAuthSecrets struct { TOTPKey string `protobuf:"bytes,2,opt,name=TOTPKey,proto3" json:"totp_key,omitempty"` // U2FRegistration holds Universal Second Factor registration info. U2FRegistration *U2FRegistrationData `protobuf:"bytes,3,opt,name=U2FRegistration" json:"u2f_registration,omitempty"` - // U2FCounter holds the highest seen Universal Second Factor registration count. + // U2FCounter holds the highest seen Universal Second Factor registration + // count. U2FCounter uint32 `protobuf:"varint,4,opt,name=U2FCounter,proto3" json:"u2f_counter,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` @@ -2238,7 +2250,7 @@ func (m *LocalAuthSecrets) Reset() { *m = LocalAuthSecrets{} } func (m *LocalAuthSecrets) String() string { return proto.CompactTextString(m) } func (*LocalAuthSecrets) ProtoMessage() {} func (*LocalAuthSecrets) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{44} + return fileDescriptor_types_62fad942422eb27d, []int{44} } func (m *LocalAuthSecrets) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2284,7 +2296,7 @@ func (m *ConnectorRef) Reset() { *m = ConnectorRef{} } func (m *ConnectorRef) String() string { return proto.CompactTextString(m) } func (*ConnectorRef) ProtoMessage() {} func (*ConnectorRef) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{45} + return fileDescriptor_types_62fad942422eb27d, []int{45} } func (m *ConnectorRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2326,7 +2338,7 @@ func (m *UserRef) Reset() { *m = UserRef{} } func (m *UserRef) String() string { return proto.CompactTextString(m) } func (*UserRef) ProtoMessage() {} func (*UserRef) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{46} + return fileDescriptor_types_62fad942422eb27d, []int{46} } func (m *UserRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -2376,7 +2388,7 @@ func (m *ReverseTunnelV2) Reset() { *m = ReverseTunnelV2{} } func (m *ReverseTunnelV2) String() string { return proto.CompactTextString(m) } func (*ReverseTunnelV2) ProtoMessage() {} func (*ReverseTunnelV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{47} + return fileDescriptor_types_62fad942422eb27d, []int{47} } func (m *ReverseTunnelV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2423,7 +2435,7 @@ func (m *ReverseTunnelSpecV2) Reset() { *m = ReverseTunnelSpecV2{} } func (m *ReverseTunnelSpecV2) String() string { return proto.CompactTextString(m) } func (*ReverseTunnelSpecV2) ProtoMessage() {} func (*ReverseTunnelSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{48} + return fileDescriptor_types_62fad942422eb27d, []int{48} } func (m *ReverseTunnelSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2472,7 +2484,7 @@ type TunnelConnectionV2 struct { func (m *TunnelConnectionV2) Reset() { *m = TunnelConnectionV2{} } func (*TunnelConnectionV2) ProtoMessage() {} func (*TunnelConnectionV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{49} + return fileDescriptor_types_62fad942422eb27d, []int{49} } func (m *TunnelConnectionV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2520,7 +2532,7 @@ func (m *TunnelConnectionSpecV2) Reset() { *m = TunnelConnectionSpecV2{} func (m *TunnelConnectionSpecV2) String() string { return proto.CompactTextString(m) } func (*TunnelConnectionSpecV2) ProtoMessage() {} func (*TunnelConnectionSpecV2) Descriptor() ([]byte, []int) { - return fileDescriptor_types_0caf2bb1214100a2, []int{50} + return fileDescriptor_types_62fad942422eb27d, []int{50} } func (m *TunnelConnectionSpecV2) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -15391,9 +15403,9 @@ var ( ErrIntOverflowTypes = fmt.Errorf("proto: integer overflow") ) -func init() { proto.RegisterFile("types.proto", fileDescriptor_types_0caf2bb1214100a2) } +func init() { proto.RegisterFile("types.proto", fileDescriptor_types_62fad942422eb27d) } -var fileDescriptor_types_0caf2bb1214100a2 = []byte{ +var fileDescriptor_types_62fad942422eb27d = []byte{ // 3850 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x3a, 0x4d, 0x6f, 0x1c, 0xc9, 0x75, 0xea, 0x99, 0x21, 0x39, 0xf3, 0x86, 0xa4, 0x46, 0x45, 0x4a, 0x1a, 0x49, 0xbb, 0x6a, 0x6e, diff --git a/lib/services/types.proto b/lib/services/types.proto index 9392f1fd9058f..0b0b3f816d745 100644 --- a/lib/services/types.proto +++ b/lib/services/types.proto 
@@ -11,30 +11,39 @@ option (gogoproto.goproto_getters_all) = false; message KeepAlive { // ServerName is a server name to keep alive - string ServerName = 1 [(gogoproto.jsontag) = "server_name"]; + string ServerName = 1 [ (gogoproto.jsontag) = "server_name" ]; // Namespace is a server namespace - string Namespace = 2 [(gogoproto.jsontag) = "namespace"]; + string Namespace = 2 [ (gogoproto.jsontag) = "namespace" ]; // LeaseID is ID of the lease - int64 LeaseID = 3 [(gogoproto.jsontag) = "lease_id"]; + int64 LeaseID = 3 [ (gogoproto.jsontag) = "lease_id" ]; // Expires is set to update expiry time - google.protobuf.Timestamp Expires = 4 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false, (gogoproto.jsontag) = "expires"]; + google.protobuf.Timestamp Expires = 4 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires" + ]; } // Metadata is resource metadata message Metadata { // Name is an object name - string Name = 1 [(gogoproto.jsontag) = "name"]; - // Namespace is object namespace. The field should be called "namespace" - // when it returns in Teleport 2.4. - string Namespace = 2 [(gogoproto.jsontag) = "-"]; - // Description is object description - string Description = 3 [(gogoproto.jsontag) = "description,omitempty"]; - // Labels is a set of labels - map Labels = 5 [(gogoproto.jsontag) = "labels,omitempty"]; - // Expires is a global expiry time header can be set on any resource in the system. - google.protobuf.Timestamp Expires = 6 [(gogoproto.stdtime) = true, (gogoproto.nullable) = true, (gogoproto.jsontag) = "expires,omitempty"]; + string Name = 1 [ (gogoproto.jsontag) = "name" ]; + // Namespace is object namespace. The field should be called "namespace" + // when it returns in Teleport 2.4. 
+ string Namespace = 2 [ (gogoproto.jsontag) = "-" ]; + // Description is object description + string Description = 3 [ (gogoproto.jsontag) = "description,omitempty" ]; + // Labels is a set of labels + map Labels = 5 [ (gogoproto.jsontag) = "labels,omitempty" ]; + // Expires is a global expiry time header can be set on any resource in the + // system. + google.protobuf.Timestamp Expires = 6 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "expires,omitempty" + ]; // ID is a record ID - int64 ID = 7 [(gogoproto.jsontag) = "id,omitempty"]; + int64 ID = 7 [ (gogoproto.jsontag) = "id,omitempty" ]; }; // Rotation is a status of the rotation of the certificate authority 
@@ -42,50 +51,73 @@ message Rotation { option (gogoproto.goproto_stringer) = false; option (gogoproto.stringer) = false; - // State could be one of "init" or "in_progress". - string State = 1 [(gogoproto.jsontag) = "state,omitempty"]; - // Phase is the current rotation phase. - string Phase = 2 [(gogoproto.jsontag) = "phase,omitempty"]; - // Mode sets manual or automatic rotation mode. - string Mode = 3 [(gogoproto.jsontag) = "mode,omitempty"]; - // CurrentID is the ID of the rotation operation - // to differentiate between rotation attempts. - string CurrentID = 4 [(gogoproto.jsontag) = "current_id"]; - // Started is set to the time when rotation has been started - // in case if the state of the rotation is "in_progress". - google.protobuf.Timestamp Started = 5 [(gogoproto.nullable) = false, (gogoproto.stdtime) = true, (gogoproto.jsontag) = "started,omitempty"]; - // GracePeriod is a period during which old and new CA - // are valid for checking purposes, but only new CA is issuing certificates. - int64 GracePeriod = 6 [(gogoproto.jsontag) = "grace_period,omitempty", (gogoproto.casttype) = "Duration"]; - // LastRotated specifies the last time of the completed rotation. - google.protobuf.Timestamp LastRotated = 7 [(gogoproto.nullable) = false, (gogoproto.stdtime) = true, (gogoproto.jsontag) = "last_rotated,omitempty"]; - // Schedule is a rotation schedule - used in - // automatic mode to switch beetween phases. - RotationSchedule Schedule = 8 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "schedule,omitempty"]; + // State could be one of "init" or "in_progress". + string State = 1 [ (gogoproto.jsontag) = "state,omitempty" ]; + // Phase is the current rotation phase. + string Phase = 2 [ (gogoproto.jsontag) = "phase,omitempty" ]; + // Mode sets manual or automatic rotation mode. + string Mode = 3 [ (gogoproto.jsontag) = "mode,omitempty" ]; + // CurrentID is the ID of the rotation operation + // to differentiate between rotation attempts. 
+ string CurrentID = 4 [ (gogoproto.jsontag) = "current_id" ]; + // Started is set to the time when rotation has been started + // in case if the state of the rotation is "in_progress". + google.protobuf.Timestamp Started = 5 [ + (gogoproto.nullable) = false, + (gogoproto.stdtime) = true, + (gogoproto.jsontag) = "started,omitempty" + ]; + // GracePeriod is a period during which old and new CA + // are valid for checking purposes, but only new CA is issuing certificates. + int64 GracePeriod = 6 + [ (gogoproto.jsontag) = "grace_period,omitempty", (gogoproto.casttype) = "Duration" ]; + // LastRotated specifies the last time of the completed rotation. + google.protobuf.Timestamp LastRotated = 7 [ + (gogoproto.nullable) = false, + (gogoproto.stdtime) = true, + (gogoproto.jsontag) = "last_rotated,omitempty" + ]; + // Schedule is a rotation schedule - used in + // automatic mode to switch beetween phases. + RotationSchedule Schedule = 8 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "schedule,omitempty" ]; } // RotationSchedule is a rotation schedule setting time switches // for different phases. message RotationSchedule { - // UpdateClients specifies time to switch to the "Update clients" phase - google.protobuf.Timestamp UpdateClients = 1 [(gogoproto.nullable) = false, (gogoproto.stdtime) = true, (gogoproto.jsontag) = "update_clients,omitempty"]; - // UpdateServers specifies time to switch to the "Update servers" phase. - google.protobuf.Timestamp UpdateServers = 2 [(gogoproto.nullable) = false, (gogoproto.stdtime) = true, (gogoproto.jsontag) = "update_servers,omitempty"]; - // Standby specifies time to switch to the "Standby" phase. 
- google.protobuf.Timestamp Standby = 3 [(gogoproto.nullable) = false, (gogoproto.stdtime) = true, (gogoproto.jsontag) = "standby,omitempty"]; + // UpdateClients specifies time to switch to the "Update clients" phase + google.protobuf.Timestamp UpdateClients = 1 [ + (gogoproto.nullable) = false, + (gogoproto.stdtime) = true, + (gogoproto.jsontag) = "update_clients,omitempty" + ]; + // UpdateServers specifies time to switch to the "Update servers" phase. + google.protobuf.Timestamp UpdateServers = 2 [ + (gogoproto.nullable) = false, + (gogoproto.stdtime) = true, + (gogoproto.jsontag) = "update_servers,omitempty" + ]; + // Standby specifies time to switch to the "Standby" phase. + google.protobuf.Timestamp Standby = 3 [ + (gogoproto.nullable) = false, + (gogoproto.stdtime) = true, + (gogoproto.jsontag) = "standby,omitempty" + ]; } // ResorceHeader is a shared resource header // used in cases when only type and name is known message ResourceHeader { - // Kind is a resource kind - string Kind = 1 [(gogoproto.jsontag) = "kind,omitempty"]; - // SubKind is an optional resource sub kind, used in some resources - string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; - // Version is version - string Version = 3 [(gogoproto.jsontag) = "version,omitempty"]; - // Metadata is User metadata - Metadata Metadata = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata,omitempty"]; + // Kind is a resource kind + string Kind = 1 [ (gogoproto.jsontag) = "kind,omitempty" ]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [ (gogoproto.jsontag) = "sub_kind,omitempty" ]; + // Version is version + string Version = 3 [ (gogoproto.jsontag) = "version,omitempty" ]; + // Metadata is User metadata + Metadata Metadata = 4 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata,omitempty" ]; } // ServerV2 represents a Node, Proxy or Auth server in a Teleport cluster 
@@ -94,52 +126,53 @@ message ServerV2 { option (gogoproto.stringer) = false; // Kind is a resource kind - string Kind = 1 [(gogoproto.jsontag) = "kind"]; + string Kind = 1 [ (gogoproto.jsontag) = "kind" ]; // SubKind is an optional resource sub kind, used in some resources - string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; - // Version is version - string Version = 3 [(gogoproto.jsontag) = "version"]; - // Metadata is User metadata - Metadata Metadata = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata"]; + string SubKind = 2 [ (gogoproto.jsontag) = "sub_kind,omitempty" ]; + // Version is version + string Version = 3 [ (gogoproto.jsontag) = "version" ]; + // Metadata is User metadata + Metadata Metadata = 4 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata" ]; // Spec is a server spec - ServerSpecV2 Spec = 5 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "spec"]; + ServerSpecV2 Spec = 5 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "spec" ]; } // ServerSpecV2 is a specification for V2 Server -message ServerSpecV2 { - // Addr is server host:port address - string Addr = 1 [(gogoproto.jsontag) = "addr"]; - // PublicAddr is the public address this cluster can be reached at. - string PublicAddr = 2 [(gogoproto.jsontag) = "public_addr,omitempty"]; - // Hostname is server hostname - string Hostname = 3 [(gogoproto.jsontag) = "hostname"]; - // CmdLabels is server dynamic labels - map CmdLabels = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "cmd_labels,omitempty"]; - // Rotation specifies server rotation - Rotation Rotation = 5 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "rotation,omitempty"]; - // UseTunnel indicates that connections to this server should occur over a - // reverse tunnel. 
- bool UseTunnel = 6 [(gogoproto.jsontag) = "use_tunnel,omitempty"]; +message ServerSpecV2 { + // Addr is server host:port address + string Addr = 1 [ (gogoproto.jsontag) = "addr" ]; + // PublicAddr is the public address this cluster can be reached at. + string PublicAddr = 2 [ (gogoproto.jsontag) = "public_addr,omitempty" ]; + // Hostname is server hostname + string Hostname = 3 [ (gogoproto.jsontag) = "hostname" ]; + // CmdLabels is server dynamic labels + map CmdLabels = 4 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "cmd_labels,omitempty" ]; + // Rotation specifies server rotation + Rotation Rotation = 5 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "rotation,omitempty" ]; + // UseTunnel indicates that connections to this server should occur over a + // reverse tunnel. + bool UseTunnel = 6 [ (gogoproto.jsontag) = "use_tunnel,omitempty" ]; } // CommandLabelV2 is a label that has a value as a result of the // output generated by running command, e.g. hostname message CommandLabelV2 { - // Period is a time between command runs - int64 Period = 1 [(gogoproto.jsontag) = "period", (gogoproto.casttype) = "Duration"]; - // Command is a command to run - repeated string Command = 2 [(gogoproto.jsontag) = "command"]; - // Result captures standard output - string Result = 3 [(gogoproto.jsontag) = "result"]; + // Period is a time between command runs + int64 Period = 1 [ (gogoproto.jsontag) = "period", (gogoproto.casttype) = "Duration" ]; + // Command is a command to run + repeated string Command = 2 [ (gogoproto.jsontag) = "command" ]; + // Result captures standard output + string Result = 3 [ (gogoproto.jsontag) = "result" ]; } - // TLSKeyPair is a TLS key pair message TLSKeyPair { - // Cert is a PEM encoded TLS cert - bytes Cert = 1 [(gogoproto.jsontag) = "cert,omitempty"]; - // Key is a PEM encoded TLS key - bytes Key = 2 [(gogoproto.jsontag) = "key,omitempty"]; + // Cert is a PEM encoded TLS cert + bytes Cert = 1 [ (gogoproto.jsontag) = 
"cert,omitempty" ]; + // Key is a PEM encoded TLS key + bytes Key = 2 [ (gogoproto.jsontag) = "key,omitempty" ]; } // CertAuthorityV2 is version 2 resource spec for Cert Authority 
@@ -147,51 +180,54 @@ message CertAuthorityV2 { option (gogoproto.goproto_stringer) = false; option (gogoproto.stringer) = false; // Kind is a resource kind - string Kind = 1 [(gogoproto.jsontag) = "kind"]; + string Kind = 1 [ (gogoproto.jsontag) = "kind" ]; // SubKind is an optional resource sub kind, used in some resources - string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; + string SubKind = 2 [ (gogoproto.jsontag) = "sub_kind,omitempty" ]; // Version is version - string Version = 3 [(gogoproto.jsontag) = "version"]; + string Version = 3 [ (gogoproto.jsontag) = "version" ]; // Metadata is connector metadata - Metadata Metadata = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata"]; + Metadata Metadata = 4 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata" ]; // Spec contains cert authority specification - CertAuthoritySpecV2 Spec = 5 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "spec"]; + CertAuthoritySpecV2 Spec = 5 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "spec" ]; } // CertAuthoritySpecV2 is a host or user certificate authority that // can check and if it has private key stored as well, sign it too message CertAuthoritySpecV2 { - // Type is either user or host certificate authority - string Type = 1 [(gogoproto.jsontag) = "type", (gogoproto.casttype) = "CertAuthType"]; - // DELETE IN(2.7.0) this field is deprecated, - // as resource name matches cluster name after migrations. - // and this property is enforced by the auth server code. 
- // ClusterName identifies cluster name this authority serves, - // for host authorities that means base hostname of all servers, - // for user authorities that means organization name - string ClusterName = 2 [(gogoproto.jsontag) = "cluster_name"]; - // Checkers is a list of SSH public keys that can be used to check - // certificate signatures - repeated bytes CheckingKeys = 3 [(gogoproto.jsontag) = "checking_keys"]; - // SigningKeys is a list of private keys used for signing - repeated bytes SigningKeys = 4 [(gogoproto.jsontag) = "signing_keys,omitempty"]; - // Roles is a list of roles assumed by users signed by this CA - repeated string Roles = 5 [(gogoproto.jsontag) = "roles,omitempty"]; - // RoleMap specifies role mappings to remote roles - repeated RoleMapping RoleMap = 6 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "role_map,omitempty"]; - // TLS is a list of TLS key pairs - repeated TLSKeyPair TLSKeyPairs = 7 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "tls_key_pairs,omitempty"]; - // Rotation is a status of the certificate authority rotation - Rotation Rotation = 8 [(gogoproto.nullable) = true, (gogoproto.jsontag) = "rotation,omitempty"]; + // Type is either user or host certificate authority + string Type = 1 [ (gogoproto.jsontag) = "type", (gogoproto.casttype) = "CertAuthType" ]; + // DELETE IN(2.7.0) this field is deprecated, + // as resource name matches cluster name after migrations. + // and this property is enforced by the auth server code. 
+ // ClusterName identifies cluster name this authority serves, + // for host authorities that means base hostname of all servers, + // for user authorities that means organization name + string ClusterName = 2 [ (gogoproto.jsontag) = "cluster_name" ]; + // Checkers is a list of SSH public keys that can be used to check + // certificate signatures + repeated bytes CheckingKeys = 3 [ (gogoproto.jsontag) = "checking_keys" ]; + // SigningKeys is a list of private keys used for signing + repeated bytes SigningKeys = 4 [ (gogoproto.jsontag) = "signing_keys,omitempty" ]; + // Roles is a list of roles assumed by users signed by this CA + repeated string Roles = 5 [ (gogoproto.jsontag) = "roles,omitempty" ]; + // RoleMap specifies role mappings to remote roles + repeated RoleMapping RoleMap = 6 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "role_map,omitempty" ]; + // TLS is a list of TLS key pairs + repeated TLSKeyPair TLSKeyPairs = 7 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "tls_key_pairs,omitempty" ]; + // Rotation is a status of the certificate authority rotation + Rotation Rotation = 8 + [ (gogoproto.nullable) = true, (gogoproto.jsontag) = "rotation,omitempty" ]; } // RoleMappping provides mapping of remote roles to local roles // for trusted clusters message RoleMapping { - // Remote specifies remote role name to map from - string Remote = 1 [(gogoproto.jsontag) = "remote"]; - // Local specifies local roles to map to - repeated string Local = 2 [(gogoproto.jsontag) = "local"]; + // Remote specifies remote role name to map from + string Remote = 1 [ (gogoproto.jsontag) = "remote" ]; + // Local specifies local roles to map to + repeated string Local = 2 [ (gogoproto.jsontag) = "local" ]; } // ProvisionTokenV1 is a provisioning token V1 
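Review bot: Two field comments in `CertAuthoritySpecV2` name something other than the field they document: `// Checkers is a list of SSH public keys ...` sits on `CheckingKeys`, and `// TLS is a list of TLS key pairs` sits on `TLSKeyPairs`. Since these lines are being rewritten anyway, I would start each with the field name, `// CheckingKeys is a list of SSH public keys that can be used to check` and `// TLSKeyPairs is a list of TLS key pairs`. This message holds both the public checking keys and the private `SigningKeys`, so the docs should leave no doubt about which field is which. The trailing context line also spells the message name as `RoleMappping`; it should read `// RoleMapping provides mapping of remote roles to local roles`.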
@@ -199,14 +235,22 @@ message ProvisionTokenV1 { option (gogoproto.goproto_stringer) = false; option (gogoproto.stringer) = false; - // Roles is a list of roles associated with the token, - // that will be converted to metadata in the SSH and X509 - // certificates issued to the user of the token - repeated string Roles = 1 [(gogoproto.jsontag) = "roles", (gogoproto.casttype) = "github.com/gravitational/teleport.Role"]; - // Expires is a global expiry time header can be set on any resource in the system. - google.protobuf.Timestamp Expires = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false, (gogoproto.jsontag) = "expires,omitempty"]; - // Token is a token name - string Token = 3 [(gogoproto.jsontag) = "token"]; + // Roles is a list of roles associated with the token, + // that will be converted to metadata in the SSH and X509 + // certificates issued to the user of the token + repeated string Roles = 1 [ + (gogoproto.jsontag) = "roles", + (gogoproto.casttype) = "github.com/gravitational/teleport.Role" + ]; + // Expires is a global expiry time header can be set on any resource in the + // system. + google.protobuf.Timestamp Expires = 2 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires,omitempty" + ]; + // Token is a token name + string Token = 3 [ (gogoproto.jsontag) = "token" ]; } // ProvisionTokenV2 specifies provisioning token 
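Review bot: The `Expires` comment in `ProvisionTokenV1` now wraps as `... can be set on any resource in the` followed by a one-word `// system.` line, which looks like the formatter reflowing comment text rather than only re-indenting it. The same artifact appears in later hunks of this file: `ClusterConfigSpecV3` gets a lone `// before` line in the middle of the `KeepAliveCountMax` comment and a dangling `// timeouts` on `ClientIdleTimeout`, and `AccessRequestSpecV3` gets `// server.` and `// request is active.` continuations. Either rejoin these by hand or add `ReflowComments: false` to the `-style` string passed to clang-format in the Makefile, so that the formatter leaves comment wording alone. These comments presumably end up in the generated `.pb.go` files as well.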
@@ -215,49 +259,51 @@ message ProvisionTokenV2 { option (gogoproto.stringer) = false; // Kind is a resource kind - string Kind = 1 [(gogoproto.jsontag) = "kind"]; + string Kind = 1 [ (gogoproto.jsontag) = "kind" ]; // SubKind is an optional resource sub kind, used in some resources - string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; - // Version is version - string Version = 3 [(gogoproto.jsontag) = "version"]; - // Metadata is User metadata - Metadata Metadata = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata"]; + string SubKind = 2 [ (gogoproto.jsontag) = "sub_kind,omitempty" ]; + // Version is version + string Version = 3 [ (gogoproto.jsontag) = "version" ]; + // Metadata is User metadata + Metadata Metadata = 4 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata" ]; // Spec is a provisioning token V2 spec - ProvisionTokenSpecV2 Spec = 5 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "spec"]; + ProvisionTokenSpecV2 Spec = 5 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "spec" ]; } // ProvisionTokenSpecV2 is a specification for V2 token -message ProvisionTokenSpecV2 { - // Roles is a list of roles associated with the token, - // that will be converted to metadata in the SSH and X509 - // certificates issued to the user of the token - repeated string Roles = 1 [(gogoproto.jsontag) = "roles", (gogoproto.casttype) = "github.com/gravitational/teleport.Role"]; +message ProvisionTokenSpecV2 { + // Roles is a list of roles associated with the token, + // that will be converted to metadata in the SSH and X509 + // certificates issued to the user of the token + repeated string Roles = 1 [ + (gogoproto.jsontag) = "roles", + (gogoproto.casttype) = "github.com/gravitational/teleport.Role" + ]; } - // StaticTokensV2 implements the StaticTokens interface. 
message StaticTokensV2 { option (gogoproto.goproto_stringer) = false; option (gogoproto.stringer) = false; // Kind is a resource kind - string Kind = 1 [(gogoproto.jsontag) = "kind"]; + string Kind = 1 [ (gogoproto.jsontag) = "kind" ]; // SubKind is an optional resource sub kind, used in some resources - string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; - // Version is version - string Version = 3 [(gogoproto.jsontag) = "version"]; - // Metadata is User metadata - Metadata Metadata = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata"]; + string SubKind = 2 [ (gogoproto.jsontag) = "sub_kind,omitempty" ]; + // Version is version + string Version = 3 [ (gogoproto.jsontag) = "version" ]; + // Metadata is User metadata + Metadata Metadata = 4 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata" ]; // Spec is a provisioning token V2 spec - StaticTokensSpecV2 Spec = 5 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "spec"]; + StaticTokensSpecV2 Spec = 5 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "spec" ]; } - // StaticTokensSpecV2 is the actual data we care about for StaticTokensSpecV2. -message StaticTokensSpecV2 { - // StaticTokens is a list of tokens that can be used to add nodes to the - // cluster. - repeated ProvisionTokenV1 StaticTokens = 1 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "static_tokens"]; +message StaticTokensSpecV2 { + // StaticTokens is a list of tokens that can be used to add nodes to the + // cluster. + repeated ProvisionTokenV1 StaticTokens = 1 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "static_tokens" ]; } // ClusterNameV2 implements the ClusterName interface. 
@@ -266,22 +312,22 @@ message ClusterNameV2 { option (gogoproto.stringer) = false; // Kind is a resource kind - string Kind = 1 [(gogoproto.jsontag) = "kind"]; + string Kind = 1 [ (gogoproto.jsontag) = "kind" ]; // SubKind is an optional resource sub kind, used in some resources - string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; - // Version is version - string Version = 3 [(gogoproto.jsontag) = "version"]; - // Metadata is User metadata - Metadata Metadata = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata"]; + string SubKind = 2 [ (gogoproto.jsontag) = "sub_kind,omitempty" ]; + // Version is version + string Version = 3 [ (gogoproto.jsontag) = "version" ]; + // Metadata is User metadata + Metadata Metadata = 4 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata" ]; // Spec is a cluster name V2 spec - ClusterNameSpecV2 Spec = 5 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "spec"]; + ClusterNameSpecV2 Spec = 5 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "spec" ]; } // ClusterNameSpecV2 is the actual data we care about for ClusterName. -message ClusterNameSpecV2 { - // ClusterName is the name of the cluster. Changing this value once the - // cluster is setup can and will cause catastrophic problems. - string ClusterName = 1 [(gogoproto.jsontag) = "cluster_name"]; +message ClusterNameSpecV2 { + // ClusterName is the name of the cluster. Changing this value once the + // cluster is setup can and will cause catastrophic problems. + string ClusterName = 1 [ (gogoproto.jsontag) = "cluster_name" ]; } // ClusterConfigV3 implements the ClusterConfig interface. 
@@ -290,152 +336,170 @@ message ClusterConfigV3 { option (gogoproto.stringer) = false; // Kind is a resource kind - string Kind = 1 [(gogoproto.jsontag) = "kind"]; + string Kind = 1 [ (gogoproto.jsontag) = "kind" ]; // SubKind is an optional resource sub kind, used in some resources - string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; - // Version is version - string Version = 3 [(gogoproto.jsontag) = "version"]; - // Metadata is User metadata - Metadata Metadata = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata"]; + string SubKind = 2 [ (gogoproto.jsontag) = "sub_kind,omitempty" ]; + // Version is version + string Version = 3 [ (gogoproto.jsontag) = "version" ]; + // Metadata is User metadata + Metadata Metadata = 4 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata" ]; // Spec is a cluster config V3 spec - ClusterConfigSpecV3 Spec = 5 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "spec"]; + ClusterConfigSpecV3 Spec = 5 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "spec" ]; } // ClusterConfigSpecV3 is the actual data we care about for ClusterConfig. message ClusterConfigSpecV3 { - // SessionRecording controls where (or if) the session is recorded. - string SessionRecording = 1 [(gogoproto.jsontag) = "session_recording"]; + // SessionRecording controls where (or if) the session is recorded. + string SessionRecording = 1 [ (gogoproto.jsontag) = "session_recording" ]; // ClusterID is the unique cluster ID that is set once during the first auth - // server startup. - string ClusterID = 2 [(gogoproto.jsontag) = "cluster_id"]; + // server startup. + string ClusterID = 2 [ (gogoproto.jsontag) = "cluster_id" ]; - // ProxyChecksHostKeys is used to control if the proxy will check host keys - // when in recording mode. - string ProxyChecksHostKeys = 3 [(gogoproto.jsontag) = "proxy_checks_host_keys"]; + // ProxyChecksHostKeys is used to control if the proxy will check host keys + // when in recording mode. 
+ string ProxyChecksHostKeys = 3 [ (gogoproto.jsontag) = "proxy_checks_host_keys" ]; - // Audit is a section with audit config - AuditConfig Audit = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "audit"]; + // Audit is a section with audit config + AuditConfig Audit = 4 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "audit" ]; - // ClientIdleTimeout sets global cluster default setting for client idle timeouts - int64 ClientIdleTimeout = 5 [(gogoproto.jsontag) = "client_idle_timeout", (gogoproto.casttype) = "Duration"]; + // ClientIdleTimeout sets global cluster default setting for client idle + // timeouts + int64 ClientIdleTimeout = 5 + [ (gogoproto.jsontag) = "client_idle_timeout", (gogoproto.casttype) = "Duration" ]; - // DisconnectExpiredCert provides disconnect expired certificate setting - - // if true, connections with expired client certificates will get disconnected - bool DisconnectExpiredCert = 6 [(gogoproto.jsontag) = "disconnect_expired_cert", (gogoproto.casttype) = "Bool"]; + // DisconnectExpiredCert provides disconnect expired certificate setting - + // if true, connections with expired client certificates will get disconnected + bool DisconnectExpiredCert = 6 + [ (gogoproto.jsontag) = "disconnect_expired_cert", (gogoproto.casttype) = "Bool" ]; - // KeepAliveInterval is the interval the server sends keep-alive messsages - // to the client at. - int64 KeepAliveInterval = 7 [(gogoproto.jsontag) = "keep_alive_interval", (gogoproto.casttype) = "Duration"]; + // KeepAliveInterval is the interval the server sends keep-alive messsages + // to the client at. + int64 KeepAliveInterval = 7 + [ (gogoproto.jsontag) = "keep_alive_interval", (gogoproto.casttype) = "Duration" ]; - // KeepAliveCountMax is the number of keep-alive messages that can be missed before - // the server disconnects the connection to the client. 
- int64 KeepAliveCountMax = 8 [(gogoproto.jsontag) = "keep_alive_count_max"]; + // KeepAliveCountMax is the number of keep-alive messages that can be missed + // before + // the server disconnects the connection to the client. + int64 KeepAliveCountMax = 8 [ (gogoproto.jsontag) = "keep_alive_count_max" ]; // LocalAuth is true if local authentication is enabled. - bool LocalAuth = 9 [(gogoproto.jsontag) = "local_auth", (gogoproto.casttype) = "Bool"]; + bool LocalAuth = 9 [ (gogoproto.jsontag) = "local_auth", (gogoproto.casttype) = "Bool" ]; } // AuditConfig represents audit log settings in the cluster message AuditConfig { // Type is audit backend type - string Type = 1 [(gogoproto.jsontag) = "type,omitempty"]; + string Type = 1 [ (gogoproto.jsontag) = "type,omitempty" ]; // Region is a region setting for audit sessions used by cloud providers - string Region = 2 [(gogoproto.jsontag) = "region,omitempty"]; + string Region = 2 [ (gogoproto.jsontag) = "region,omitempty" ]; // AuditSessionsURI is a parameter where to upload sessions - string AuditSessionsURI = 3 [(gogoproto.jsontag) = "audit_sessions_uri,omitempty"]; + string AuditSessionsURI = 3 [ (gogoproto.jsontag) = "audit_sessions_uri,omitempty" ]; // AuditEventsURI is a parameter with all supported outputs // for audit events - wrappers.StringValues AuditEventsURI = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "audit_events_uri,omitempty", (gogoproto.customtype) = "github.com/gravitational/teleport/lib/wrappers.Strings"]; - // AuditTableName is a DB table name used for audits - // Deprecated in favor of AuditEventsURI - // DELETE IN (3.1.0) - string AuditTableName = 5 [(gogoproto.jsontag) = "audit_table_name,omitempty"]; + wrappers.StringValues AuditEventsURI = 4 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "audit_events_uri,omitempty", + (gogoproto.customtype) = "github.com/gravitational/teleport/lib/wrappers.Strings" + ]; + // AuditTableName is a DB table name used for audits + // 
Deprecated in favor of AuditEventsURI + // DELETE IN (3.1.0) + string AuditTableName = 5 [ (gogoproto.jsontag) = "audit_table_name,omitempty" ]; } // Namespace represents namespace resource specification -message Namespace { +message Namespace { // Kind is a resource kind - string Kind = 1 [(gogoproto.jsontag) = "kind"]; + string Kind = 1 [ (gogoproto.jsontag) = "kind" ]; // SubKind is an optional resource sub kind, used in some resources - string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; - // Version is version - string Version = 3 [(gogoproto.jsontag) = "version"]; - // Metadata is User metadata - Metadata Metadata = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata"]; + string SubKind = 2 [ (gogoproto.jsontag) = "sub_kind,omitempty" ]; + // Version is version + string Version = 3 [ (gogoproto.jsontag) = "version" ]; + // Metadata is User metadata + Metadata Metadata = 4 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata" ]; // Spec is a namespace spec - NamespaceSpec Spec = 5 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "spec"]; + NamespaceSpec Spec = 5 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "spec" ]; } // NamespaceSpec is a namespace specificateion -message NamespaceSpec { -} +message NamespaceSpec {} -message ResetPasswordTokenV3 { +message ResetPasswordTokenV3 { option (gogoproto.goproto_stringer) = false; option (gogoproto.stringer) = false; - // Kind is a resource kind - string Kind = 1 [(gogoproto.jsontag) = "kind"]; - // SubKind is an optional resource sub kind, used in some resources - string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; - // Version is version - string Version = 3 [(gogoproto.jsontag) = "version"]; - // Metadata is ResetPasswordToken metadata - Metadata Metadata = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata"]; - // Spec is an ResetPasswordToken specification - ResetPasswordTokenSpecV3 Spec = 5 [(gogoproto.nullable) = false, 
(gogoproto.jsontag) = "spec"]; + // Kind is a resource kind + string Kind = 1 [ (gogoproto.jsontag) = "kind" ]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [ (gogoproto.jsontag) = "sub_kind,omitempty" ]; + // Version is version + string Version = 3 [ (gogoproto.jsontag) = "version" ]; + // Metadata is ResetPasswordToken metadata + Metadata Metadata = 4 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata" ]; + // Spec is an ResetPasswordToken specification + ResetPasswordTokenSpecV3 Spec = 5 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "spec" ]; } message ResetPasswordTokenSpecV3 { - // User is user name associated with this token - string User = 1 [(gogoproto.jsontag) = "user"]; - // URL is this token URL - string URL = 2 [(gogoproto.jsontag) = "url"]; - // Created holds information about when the token was created - google.protobuf.Timestamp Created = 4 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false, (gogoproto.jsontag) = "created,omitempty"]; -} - -message ResetPasswordTokenSecretsV3 { + // User is user name associated with this token + string User = 1 [ (gogoproto.jsontag) = "user" ]; + // URL is this token URL + string URL = 2 [ (gogoproto.jsontag) = "url" ]; + // Created holds information about when the token was created + google.protobuf.Timestamp Created = 4 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "created,omitempty" + ]; +} + +message ResetPasswordTokenSecretsV3 { option (gogoproto.goproto_stringer) = false; option (gogoproto.stringer) = false; // Kind is a resource kind - string Kind = 1 [(gogoproto.jsontag) = "kind"]; + string Kind = 1 [ (gogoproto.jsontag) = "kind" ]; // SubKind is an optional resource sub kind, used in some resources - string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; - // Version is version - string Version = 3 [(gogoproto.jsontag) = "version"]; - // Metadata is ResetPasswordTokenSecrets 
metadata - Metadata Metadata = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata"]; + string SubKind = 2 [ (gogoproto.jsontag) = "sub_kind,omitempty" ]; + // Version is version + string Version = 3 [ (gogoproto.jsontag) = "version" ]; + // Metadata is ResetPasswordTokenSecrets metadata + Metadata Metadata = 4 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata" ]; // Spec is an ResetPasswordTokenSecrets specification - ResetPasswordTokenSecretsSpecV3 Spec = 5 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "spec"]; + ResetPasswordTokenSecretsSpecV3 Spec = 5 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "spec" ]; } message ResetPasswordTokenSecretsSpecV3 { - // OTPKey is is a secret value of one time password secret generator - string OTPKey = 1 [(gogoproto.jsontag) = "opt_key"]; - // OTPKey is is a secret value of one time password secret generator - string QRCode = 2 [(gogoproto.jsontag) = "qr_code,omitempty"]; - // Created holds information about when the token was created - google.protobuf.Timestamp Created = 3 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false, (gogoproto.jsontag) = "created,omitempty"]; + // OTPKey is is a secret value of one time password secret generator + string OTPKey = 1 [ (gogoproto.jsontag) = "opt_key" ]; + // OTPKey is is a secret value of one time password secret generator + string QRCode = 2 [ (gogoproto.jsontag) = "qr_code,omitempty" ]; + // Created holds information about when the token was created + google.protobuf.Timestamp Created = 3 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "created,omitempty" + ]; } // AccessRequest represents an access request resource specification -message AccessRequestV3 { +message AccessRequestV3 { option (gogoproto.goproto_stringer) = false; option (gogoproto.stringer) = false; // Kind is a resource kind - string Kind = 1 [(gogoproto.jsontag) = "kind"]; + string Kind = 1 [ (gogoproto.jsontag) = "kind" ]; // 
SubKind is an optional resource sub kind, used in some resources - string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; - // Version is version - string Version = 3 [(gogoproto.jsontag) = "version"]; - // Metadata is AccessRequest metadata - Metadata Metadata = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata"]; + string SubKind = 2 [ (gogoproto.jsontag) = "sub_kind,omitempty" ]; + // Version is version + string Version = 3 [ (gogoproto.jsontag) = "version" ]; + // Metadata is AccessRequest metadata + Metadata Metadata = 4 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata" ]; // Spec is an AccessReqeust specification - AccessRequestSpecV3 Spec = 5 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "spec"]; + AccessRequestSpecV3 Spec = 5 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "spec" ]; } // RequestState represents the state of a request for escalated privilege. 
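Review bot: In `ResetPasswordTokenSecretsSpecV3` the re-indented `QRCode` field still carries the comment of the field above it, `// OTPKey is is a secret value of one time password secret generator`, so the two secret-bearing fields are documented identically. I would give `QRCode` its own comment (for example `// QRCode is the QR code for the OTP secret`, if that is what it holds) and drop the doubled word on the first one: `// OTPKey is a secret value of one time password secret generator`. The JSON tag on `OTPKey` is `"opt_key"`, which looks like a transposition of `otp_key`. The tag is part of the serialized form, so it should not change in a formatting commit, but a comment marking it as a legacy spelling would stop a later cleanup from breaking decoding.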
@@ -456,182 +520,227 @@ enum RequestState { // AccessRequestSpec is the specification for AccessRequest message AccessRequestSpecV3 { // User is the name of the user to whom the roles will be applied. - string User = 1 [(gogoproto.jsontag) = "user"]; + string User = 1 [ (gogoproto.jsontag) = "user" ]; // Roles is the name of the roles being requested. - repeated string Roles = 2 [(gogoproto.jsontag) = "roles"]; + repeated string Roles = 2 [ (gogoproto.jsontag) = "roles" ]; // State is the current state of this access request. - RequestState State = 3 [(gogoproto.jsontag) = "state,omitempty"]; - // Created encodes the time at which the request was registered with the auth server. - google.protobuf.Timestamp Created = 4 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false, (gogoproto.jsontag) = "created,omitempty"]; - // Expires constrains the maximum lifetime of any login session for which this request is active. - google.protobuf.Timestamp Expires = 5 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false, (gogoproto.jsontag) = "expires,omitempty"]; + RequestState State = 3 [ (gogoproto.jsontag) = "state,omitempty" ]; + // Created encodes the time at which the request was registered with the auth + // server. + google.protobuf.Timestamp Created = 4 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "created,omitempty" + ]; + // Expires constrains the maximum lifetime of any login session for which this + // request is active. + google.protobuf.Timestamp Expires = 5 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires,omitempty" + ]; } // AccessRequestFilter encodes filter params for access requests. message AccessRequestFilter { // ID specifies a request ID if set. - string ID = 1 [(gogoproto.jsontag) = "id"]; + string ID = 1 [ (gogoproto.jsontag) = "id" ]; // User specifies a username if set. 
- string User = 2 [(gogoproto.jsontag) = "user"]; + string User = 2 [ (gogoproto.jsontag) = "user" ]; // RequestState filters for requests in a specific state. - RequestState State = 3 [(gogoproto.jsontag) = "state"]; + RequestState State = 3 [ (gogoproto.jsontag) = "state" ]; } // RoleV3 represents role resource specification -message RoleV3 { +message RoleV3 { option (gogoproto.goproto_stringer) = false; option (gogoproto.stringer) = false; // Kind is a resource kind - string Kind = 1 [(gogoproto.jsontag) = "kind"]; + string Kind = 1 [ (gogoproto.jsontag) = "kind" ]; // SubKind is an optional resource sub kind, used in some resources - string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; - // Version is version - string Version = 3 [(gogoproto.jsontag) = "version"]; - // Metadata is User metadata - Metadata Metadata = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata"]; + string SubKind = 2 [ (gogoproto.jsontag) = "sub_kind,omitempty" ]; + // Version is version + string Version = 3 [ (gogoproto.jsontag) = "version" ]; + // Metadata is User metadata + Metadata Metadata = 4 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata" ]; // Spec is a role specification - RoleSpecV3 Spec = 5 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "spec"]; + RoleSpecV3 Spec = 5 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "spec" ]; } // RoleSpecV3 is role specification for RoleV3. message RoleSpecV3 { - // Options is for OpenSSH options like agent forwarding. - RoleOptions Options = 1 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "options,omitempty"]; - // Allow is the set of conditions evaluated to grant access. - RoleConditions Allow = 2 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "allow,omitempty"]; - // Deny is the set of conditions evaluated to deny access. Deny takes priority over allow. 
- RoleConditions Deny = 3 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "deny,omitempty"]; + // Options is for OpenSSH options like agent forwarding. + RoleOptions Options = 1 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "options,omitempty" ]; + // Allow is the set of conditions evaluated to grant access. + RoleConditions Allow = 2 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "allow,omitempty" ]; + // Deny is the set of conditions evaluated to deny access. Deny takes priority + // over allow. + RoleConditions Deny = 3 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "deny,omitempty" ]; } // RoleOptions is a set of role options -message RoleOptions { +message RoleOptions { // ForwardAgent is SSH agent forwarding. - bool ForwardAgent = 1 [(gogoproto.jsontag) = "forward_agent", (gogoproto.casttype) = "Bool"]; - - // MaxSessionTTL defines how long a SSH session can last for. - int64 MaxSessionTTL = 2 [(gogoproto.jsontag) = "max_session_ttl,omitempty", (gogoproto.casttype) = "Duration"]; - - // PortForwarding defines if the certificate will have "permit-port-forwarding" - // in the certificate. PortForwarding is "yes" if not set, - // that's why this is a pointer - BoolValue PortForwarding = 3 [(gogoproto.nullable) = true, (gogoproto.jsontag) = "port_forwarding,omitempty", (gogoproto.customtype) = "BoolOption"]; - - // CertificateFormat defines the format of the user certificate to allow - // compatibility with older versions of OpenSSH. - string CertificateFormat = 4 [(gogoproto.jsontag) = "cert_format"]; - - // ClientIdleTimeout sets disconnect clients on idle timeout behavior, - // if set to 0 means do not disconnect, otherwise is set to the idle - // duration. - int64 ClientIdleTimeout = 5 [(gogoproto.jsontag) = "client_idle_timeout,omitempty", (gogoproto.casttype) = "Duration"]; - - // DisconnectExpiredCert sets disconnect clients on expired certificates. 
- bool DisconnectExpiredCert = 6 [(gogoproto.nullable) = true, (gogoproto.jsontag) = "disconnect_expired_cert,omitempty", (gogoproto.casttype) = "Bool"]; + bool ForwardAgent = 1 [ (gogoproto.jsontag) = "forward_agent", (gogoproto.casttype) = "Bool" ]; + + // MaxSessionTTL defines how long a SSH session can last for. + int64 MaxSessionTTL = 2 + [ (gogoproto.jsontag) = "max_session_ttl,omitempty", (gogoproto.casttype) = "Duration" ]; + + // PortForwarding defines if the certificate will have + // "permit-port-forwarding" + // in the certificate. PortForwarding is "yes" if not set, + // that's why this is a pointer + BoolValue PortForwarding = 3 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "port_forwarding,omitempty", + (gogoproto.customtype) = "BoolOption" + ]; + + // CertificateFormat defines the format of the user certificate to allow + // compatibility with older versions of OpenSSH. + string CertificateFormat = 4 [ (gogoproto.jsontag) = "cert_format" ]; + + // ClientIdleTimeout sets disconnect clients on idle timeout behavior, + // if set to 0 means do not disconnect, otherwise is set to the idle + // duration. + int64 ClientIdleTimeout = 5 [ + (gogoproto.jsontag) = "client_idle_timeout,omitempty", + (gogoproto.casttype) = "Duration" + ]; + + // DisconnectExpiredCert sets disconnect clients on expired certificates. + bool DisconnectExpiredCert = 6 [ + (gogoproto.nullable) = true, + (gogoproto.jsontag) = "disconnect_expired_cert,omitempty", + (gogoproto.casttype) = "Bool" + ]; // BPF defines what events to record for the BPF-based session recorder. - repeated string BPF = 7 [(gogoproto.jsontag) = "enhanced_recording,omitempty"]; + repeated string BPF = 7 [ (gogoproto.jsontag) = "enhanced_recording,omitempty" ]; } - // RoleConditions is a set of conditions that must all match to be allowed or // denied access. message RoleConditions { - // Logins is a list of *nix system logins. 
- repeated string Logins = 1 [(gogoproto.jsontag) = "logins"]; + // Logins is a list of *nix system logins. + repeated string Logins = 1 [ (gogoproto.jsontag) = "logins" ]; - // Namespaces is a list of namespaces (used to partition a cluster). The - // field should be called "namespaces" when it returns in Teleport 2.4. - repeated string Namespaces = 2 [(gogoproto.jsontag) = "-"]; + // Namespaces is a list of namespaces (used to partition a cluster). The + // field should be called "namespaces" when it returns in Teleport 2.4. + repeated string Namespaces = 2 [ (gogoproto.jsontag) = "-" ]; - // NodeLabels is a map of node labels (used to dynamically grant access to nodes). - wrappers.LabelValues NodeLabels = 3 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "node_labels,omitempty", (gogoproto.customtype) = "Labels"]; + // NodeLabels is a map of node labels (used to dynamically grant access to + // nodes). + wrappers.LabelValues NodeLabels = 3 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "node_labels,omitempty", + (gogoproto.customtype) = "Labels" + ]; - // Rules is a list of rules and their access levels. Rules are a high level - // construct used for access control. - repeated Rule Rules = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "rules,omitempty"]; + // Rules is a list of rules and their access levels. Rules are a high level + // construct used for access control. 
+ repeated Rule Rules = 4 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "rules,omitempty" ]; - // KubeGroups is a list of kubernetes groups - repeated string KubeGroups = 5 [(gogoproto.jsontag) = "kubernetes_groups,omitempty"]; + // KubeGroups is a list of kubernetes groups + repeated string KubeGroups = 5 [ (gogoproto.jsontag) = "kubernetes_groups,omitempty" ]; - AccessRequestConditions Request = 6 [(gogoproto.jsontag) = "request,omitempty"]; + AccessRequestConditions Request = 6 [ (gogoproto.jsontag) = "request,omitempty" ]; } -// AccessRequestConditions is a matcher for allow/deny restrictions on access-requests. +// AccessRequestConditions is a matcher for allow/deny restrictions on +// access-requests. message AccessRequestConditions { // Roles is the name of roles which will match the request rule. - repeated string Roles = 1 [(gogoproto.jsontag) = "roles,omitempty"]; + repeated string Roles = 1 [ (gogoproto.jsontag) = "roles,omitempty" ]; } // Rule represents allow or deny rule that is executed to check // if user or service have access to resource -message Rule { - // Resources is a list of resources - repeated string Resources = 1 [(gogoproto.jsontag) = "resources,omitempty"]; - // Verbs is a list of verbs - repeated string Verbs = 2 [(gogoproto.jsontag) = "verbs,omitempty"]; - // Where specifies optional advanced matcher - string Where = 3 [(gogoproto.jsontag) = "where,omitempty"]; - // Actions specifies optional actions taken when this rule matches - repeated string Actions = 4 [(gogoproto.jsontag) = "actions,omitempty"]; +message Rule { + // Resources is a list of resources + repeated string Resources = 1 [ (gogoproto.jsontag) = "resources,omitempty" ]; + // Verbs is a list of verbs + repeated string Verbs = 2 [ (gogoproto.jsontag) = "verbs,omitempty" ]; + // Where specifies optional advanced matcher + string Where = 3 [ (gogoproto.jsontag) = "where,omitempty" ]; + // Actions specifies optional actions taken when this rule matches + repeated 
string Actions = 4 [ (gogoproto.jsontag) = "actions,omitempty" ]; } // BoolValue is a wrapper around bool, used in cases // whenever bool value can have different default value when missing -message BoolValue { - bool Value = 1; -} +message BoolValue { bool Value = 1; } // UserV2 is version 2 resource spec of the user -message UserV2 { +message UserV2 { option (gogoproto.goproto_stringer) = false; option (gogoproto.stringer) = false; // Kind is a resource kind - string Kind = 1 [(gogoproto.jsontag) = "kind"]; + string Kind = 1 [ (gogoproto.jsontag) = "kind" ]; // SubKind is an optional resource sub kind, used in some resources - string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; - // Version is version - string Version = 3 [(gogoproto.jsontag) = "version"]; - // Metadata is User metadata - Metadata Metadata = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata"]; + string SubKind = 2 [ (gogoproto.jsontag) = "sub_kind,omitempty" ]; + // Version is version + string Version = 3 [ (gogoproto.jsontag) = "version" ]; + // Metadata is User metadata + Metadata Metadata = 4 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata" ]; // Spec is a user specification - UserSpecV2 Spec = 5 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "spec"]; + UserSpecV2 Spec = 5 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "spec" ]; } // UserSpecV2 is a specification for V2 user -message UserSpecV2 { - // OIDCIdentities lists associated OpenID Connect identities - // that let user log in using externally verified identity - repeated ExternalIdentity OIDCIdentities = 1 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "oidc_identities,omitempty"]; - - // SAMLIdentities lists associated SAML identities - // that let user log in using externally verified identity - repeated ExternalIdentity SAMLIdentities = 2 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "saml_identities,omitempty"]; - - // GithubIdentities list associated Github 
OAuth2 identities - // that let user log in using externally verified identity - repeated ExternalIdentity GithubIdentities = 3 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "github_identities,omitempty"]; - - // Roles is a list of roles assigned to user - repeated string Roles = 4 [(gogoproto.jsontag) = "roles,omitempty"]; - - // Traits are key/value pairs received from an identity provider (through - // OIDC claims or SAML assertions) or from a system administrator for local - // accounts. Traits are used to populate role variables. - wrappers.LabelValues Traits = 5 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "traits,omitempty", (gogoproto.customtype) = "github.com/gravitational/teleport/lib/wrappers.Traits"]; - - // Status is a login status of the user - LoginStatus Status = 6 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "status,omitempty"]; - - // Expires if set sets TTL on the user - google.protobuf.Timestamp Expires = 7 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false, (gogoproto.jsontag) = "expires"]; - - // CreatedBy holds information about agent or person created this user - CreatedBy CreatedBy = 8 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "created_by,omitempty"]; - - // LocalAuths hold sensitive data necessary for performing local authentication - LocalAuthSecrets LocalAuth = 9 [(gogoproto.jsontag) = "local_auth,omitempty"]; +message UserSpecV2 { + // OIDCIdentities lists associated OpenID Connect identities + // that let user log in using externally verified identity + repeated ExternalIdentity OIDCIdentities = 1 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "oidc_identities,omitempty" ]; + + // SAMLIdentities lists associated SAML identities + // that let user log in using externally verified identity + repeated ExternalIdentity SAMLIdentities = 2 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "saml_identities,omitempty" ]; + + // GithubIdentities list associated Github OAuth2 identities + 
// that let user log in using externally verified identity + repeated ExternalIdentity GithubIdentities = 3 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "github_identities,omitempty" ]; + + // Roles is a list of roles assigned to user + repeated string Roles = 4 [ (gogoproto.jsontag) = "roles,omitempty" ]; + + // Traits are key/value pairs received from an identity provider (through + // OIDC claims or SAML assertions) or from a system administrator for local + // accounts. Traits are used to populate role variables. + wrappers.LabelValues Traits = 5 [ + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "traits,omitempty", + (gogoproto.customtype) = "github.com/gravitational/teleport/lib/wrappers.Traits" + ]; + + // Status is a login status of the user + LoginStatus Status = 6 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "status,omitempty" ]; + + // Expires if set sets TTL on the user + google.protobuf.Timestamp Expires = 7 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "expires" + ]; + + // CreatedBy holds information about agent or person created this user + CreatedBy CreatedBy = 8 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "created_by,omitempty" ]; + + // LocalAuths hold sensitive data necessary for performing local + // authentication + LocalAuthSecrets LocalAuth = 9 [ (gogoproto.jsontag) = "local_auth,omitempty" ]; } // ExternalIdentity is OpenID Connect/SAML or Github identity that is linked 
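Review bot: The formatter left the `PortForwarding` comment in `RoleOptions` broken mid-sentence, with `// "permit-port-forwarding"` stranded on its own line between `// PortForwarding defines if the certificate will have` and `// in the certificate.`; rejoin it by hand, e.g. `// PortForwarding defines if the certificate will have "permit-port-forwarding"` followed by `// in the certificate. PortForwarding is "yes" if not set, that's why this is a pointer`. The comments in this hunk also appear to be wrapped at a narrower width than the `ColumnLimit: 100` the Makefile passes to clang-format (for example `// Deny is the set of conditions evaluated to deny access. Deny takes priority` / `// over allow.`), which is worth checking because indentation is not visible here. Separately, `AccessRequestConditions Request = 6` is the only field in `RoleConditions` without a comment; since it is part of a role's allow/deny conditions, a line such as `// Request defines the allow/deny restrictions on access requests.` would make its purpose explicit.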
@@ -641,23 +750,31 @@ message ExternalIdentity { option (gogoproto.goproto_stringer) = false; option (gogoproto.stringer) = false; - // ConnectorID is id of registered OIDC connector, e.g. 'google-example.com' - string ConnectorID = 1 [(gogoproto.jsontag) = "connector_id,omitempty"]; + // ConnectorID is id of registered OIDC connector, e.g. 'google-example.com' + string ConnectorID = 1 [ (gogoproto.jsontag) = "connector_id,omitempty" ]; - // Username is username supplied by external identity provider - string Username = 2 [(gogoproto.jsontag) = "username,omitempty"]; + // Username is username supplied by external identity provider + string Username = 2 [ (gogoproto.jsontag) = "username,omitempty" ]; } // LoginStatus is a login status of the user message LoginStatus { - // IsLocked tells us if user is locked - bool IsLocked = 1 [(gogoproto.jsontag) = "is_locked"]; - // LockedMessage contains the message in case if user is locked - string LockedMessage = 2 [(gogoproto.jsontag) = "locked_message,omitempty"]; - // LockedTime contains time when user was locked - google.protobuf.Timestamp LockedTime = 3 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false, (gogoproto.jsontag) = "locked_time,omitempty"]; - // LockExpires contains time when this lock will expire - google.protobuf.Timestamp LockExpires = 4 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false, (gogoproto.jsontag) = "lock_expires,omitempty"]; + // IsLocked tells us if user is locked + bool IsLocked = 1 [ (gogoproto.jsontag) = "is_locked" ]; + // LockedMessage contains the message in case if user is locked + string LockedMessage = 2 [ (gogoproto.jsontag) = "locked_message,omitempty" ]; + // LockedTime contains time when user was locked + google.protobuf.Timestamp LockedTime = 3 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "locked_time,omitempty" + ]; + // LockExpires contains time when this lock will expire + google.protobuf.Timestamp LockExpires = 4 [ + 
(gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "lock_expires,omitempty" + ]; } // CreatedBy holds information about the person or agent who created the user 
@@ -665,107 +782,114 @@ message CreatedBy { option (gogoproto.goproto_stringer) = false; option (gogoproto.stringer) = false; - // Identity if present means that user was automatically created by identity - ConnectorRef Connector = 1 [(gogoproto.nullable) = true, (gogoproto.jsontag) = "connector,omitempty"]; - // Time specifies when user was created - google.protobuf.Timestamp Time = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false, (gogoproto.jsontag) = "time"]; - // User holds information about user - UserRef User = 3 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "user"]; + // Identity if present means that user was automatically created by identity + ConnectorRef Connector = 1 + [ (gogoproto.nullable) = true, (gogoproto.jsontag) = "connector,omitempty" ]; + // Time specifies when user was created + google.protobuf.Timestamp Time = 2 + [ (gogoproto.stdtime) = true, (gogoproto.nullable) = false, (gogoproto.jsontag) = "time" ]; + // User holds information about user + UserRef User = 3 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "user" ]; } // U2FRegistrationData encodes the universal second factor registration payload. message U2FRegistrationData { // Raw is the serialized registration data as received from the token - bytes Raw = 1 [(gogoproto.jsontag) = "raw"]; + bytes Raw = 1 [ (gogoproto.jsontag) = "raw" ]; // KeyHandle uniquely identifies a key on a device - bytes KeyHandle = 2 [(gogoproto.jsontag) = "key_handle"]; + bytes KeyHandle = 2 [ (gogoproto.jsontag) = "key_handle" ]; // PubKey is an DER encoded ecdsa public key - bytes PubKey = 3 [(gogoproto.jsontag) = "pubkey"]; + bytes PubKey = 3 [ (gogoproto.jsontag) = "pubkey" ]; } // LocalAuthSecrets holds sensitive data used to authenticate a local user. message LocalAuthSecrets { // PasswordHash encodes a combined salt & hash for password verification. 
- bytes PasswordHash = 1 [(gogoproto.jsontag) = "password_hash,omitempty"]; + bytes PasswordHash = 1 [ (gogoproto.jsontag) = "password_hash,omitempty" ]; // TOTPKey is the key used for Time-based One Time Password varification. - string TOTPKey = 2 [(gogoproto.jsontag) = "totp_key,omitempty"]; + string TOTPKey = 2 [ (gogoproto.jsontag) = "totp_key,omitempty" ]; // U2FRegistration holds Universal Second Factor registration info. - U2FRegistrationData U2FRegistration = 3 [(gogoproto.jsontag) = "u2f_registration,omitempty"]; + U2FRegistrationData U2FRegistration = 3 [ (gogoproto.jsontag) = "u2f_registration,omitempty" ]; - // U2FCounter holds the highest seen Universal Second Factor registration count. - uint32 U2FCounter = 4 [(gogoproto.jsontag) = "u2f_counter,omitempty"]; + // U2FCounter holds the highest seen Universal Second Factor registration + // count. + uint32 U2FCounter = 4 [ (gogoproto.jsontag) = "u2f_counter,omitempty" ]; } // ConnectorRef holds information about OIDC connector message ConnectorRef { - // Type is connector type - string Type = 1 [(gogoproto.jsontag) = "type"]; - // ID is connector ID - string ID = 2 [(gogoproto.jsontag) = "id"]; - // Identity is external identity of the user - string Identity = 3 [(gogoproto.jsontag) = "identity"]; + // Type is connector type + string Type = 1 [ (gogoproto.jsontag) = "type" ]; + // ID is connector ID + string ID = 2 [ (gogoproto.jsontag) = "id" ]; + // Identity is external identity of the user + string Identity = 3 [ (gogoproto.jsontag) = "identity" ]; } // UserRef holds references to user message UserRef { - // Name is name of the user - string Name = 1 [(gogoproto.jsontag) = "name"]; + // Name is name of the user + string Name = 1 [ (gogoproto.jsontag) = "name" ]; } // ReverseTunnelV2 is version 2 of the resource spec of the reverse tunnel message ReverseTunnelV2 { - // Kind is a resource kind - string Kind = 1 [(gogoproto.jsontag) = "kind"]; - // SubKind is an optional resource sub kind, used in some 
resources - string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; - // Version is version - string Version = 3 [(gogoproto.jsontag) = "version"]; - // Metadata is a resource metadata - Metadata Metadata = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata"]; - // Spec is a reverse tunnel specification - ReverseTunnelSpecV2 Spec = 5 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "spec"]; + // Kind is a resource kind + string Kind = 1 [ (gogoproto.jsontag) = "kind" ]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [ (gogoproto.jsontag) = "sub_kind,omitempty" ]; + // Version is version + string Version = 3 [ (gogoproto.jsontag) = "version" ]; + // Metadata is a resource metadata + Metadata Metadata = 4 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata" ]; + // Spec is a reverse tunnel specification + ReverseTunnelSpecV2 Spec = 5 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "spec" ]; } // ReverseTunnelSpecV2 is a specification for V2 reverse tunnel message ReverseTunnelSpecV2 { - // ClusterName is a domain name of remote cluster we are connecting to - string ClusterName = 1 [(gogoproto.jsontag) = "cluster_name"]; - // DialAddrs is a list of remote address to establish a connection to - // it's always SSH over TCP - repeated string DialAddrs = 2 [(gogoproto.jsontag) = "dial_addrs,omitempty"]; - // Type is the type of reverse tunnel, either proxy or node. - string Type = 3 [(gogoproto.jsontag) = "type", (gogoproto.casttype) = "TunnelType"]; + // ClusterName is a domain name of remote cluster we are connecting to + string ClusterName = 1 [ (gogoproto.jsontag) = "cluster_name" ]; + // DialAddrs is a list of remote address to establish a connection to + // it's always SSH over TCP + repeated string DialAddrs = 2 [ (gogoproto.jsontag) = "dial_addrs,omitempty" ]; + // Type is the type of reverse tunnel, either proxy or node. 
+ string Type = 3 [ (gogoproto.jsontag) = "type", (gogoproto.casttype) = "TunnelType" ]; } // TunnelConnectionV2 is version 2 of the resource spec of the tunnel connection message TunnelConnectionV2 { - option (gogoproto.goproto_stringer) = false; - option (gogoproto.stringer) = false; + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = false; - // Kind is a resource kind - string Kind = 1 [(gogoproto.jsontag) = "kind"]; - // SubKind is an optional resource sub kind, used in some resources - string SubKind = 2 [(gogoproto.jsontag) = "sub_kind,omitempty"]; - // Version is version - string Version = 3 [(gogoproto.jsontag) = "version"]; - // Metadata is a resource metadata - Metadata Metadata = 4 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata"]; - // Spec is a tunnel specification - TunnelConnectionSpecV2 Spec = 5 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "spec"]; + // Kind is a resource kind + string Kind = 1 [ (gogoproto.jsontag) = "kind" ]; + // SubKind is an optional resource sub kind, used in some resources + string SubKind = 2 [ (gogoproto.jsontag) = "sub_kind,omitempty" ]; + // Version is version + string Version = 3 [ (gogoproto.jsontag) = "version" ]; + // Metadata is a resource metadata + Metadata Metadata = 4 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "metadata" ]; + // Spec is a tunnel specification + TunnelConnectionSpecV2 Spec = 5 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "spec" ]; } // TunnelConnectionSpecV2 is a specification for V2 tunnel connection message TunnelConnectionSpecV2 { - // ClusterName is a name of the cluster - string ClusterName = 1 [(gogoproto.jsontag) = "cluster_name"]; - // ProxyName is the name of the proxy server - string ProxyName = 2 [(gogoproto.jsontag) = "proxy_name"]; - // LastHeartbeat is a time of the last heartbeat - google.protobuf.Timestamp LastHeartbeat = 3 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false, (gogoproto.jsontag) = 
"last_heartbeat,omitempty"]; - // Type is the type of reverse tunnel, either proxy or node. - string Type = 4 [(gogoproto.jsontag) = "type", (gogoproto.casttype) = "TunnelType"]; + // ClusterName is a name of the cluster + string ClusterName = 1 [ (gogoproto.jsontag) = "cluster_name" ]; + // ProxyName is the name of the proxy server + string ProxyName = 2 [ (gogoproto.jsontag) = "proxy_name" ]; + // LastHeartbeat is a time of the last heartbeat + google.protobuf.Timestamp LastHeartbeat = 3 [ + (gogoproto.stdtime) = true, + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "last_heartbeat,omitempty" + ]; + // Type is the type of reverse tunnel, either proxy or node. + string Type = 4 [ (gogoproto.jsontag) = "type", (gogoproto.casttype) = "TunnelType" ]; } \ No newline at end of file diff --git a/lib/wrappers/wrappers.pb.go b/lib/wrappers/wrappers.pb.go index 1f0e838fe99a0..89efb76a9d0f9 100644 --- a/lib/wrappers/wrappers.pb.go +++ b/lib/wrappers/wrappers.pb.go @@ -33,7 +33,7 @@ func (m *StringValues) Reset() { *m = StringValues{} } func (m *StringValues) String() string { return proto.CompactTextString(m) } func (*StringValues) ProtoMessage() {} func (*StringValues) Descriptor() ([]byte, []int) { - return fileDescriptor_wrappers_b4e6428cd870cf3a, []int{0} + return fileDescriptor_wrappers_27e842bc8bd4b60d, []int{0} } func (m *StringValues) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -76,7 +76,7 @@ func (m *LabelValues) Reset() { *m = LabelValues{} } func (m *LabelValues) String() string { return proto.CompactTextString(m) } func (*LabelValues) ProtoMessage() {} func (*LabelValues) Descriptor() ([]byte, []int) { - return fileDescriptor_wrappers_b4e6428cd870cf3a, []int{1} + return fileDescriptor_wrappers_27e842bc8bd4b60d, []int{1} } func (m *LabelValues) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -607,9 +607,9 @@ var ( ErrIntOverflowWrappers = fmt.Errorf("proto: integer overflow") ) -func init() { proto.RegisterFile("wrappers.proto", fileDescriptor_wrappers_b4e6428cd870cf3a) } +func init() { proto.RegisterFile("wrappers.proto", fileDescriptor_wrappers_27e842bc8bd4b60d) } -var fileDescriptor_wrappers_b4e6428cd870cf3a = []byte{ +var fileDescriptor_wrappers_27e842bc8bd4b60d = []byte{ // 211 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x2b, 0x2f, 0x4a, 0x2c, 0x28, 0x48, 0x2d, 0x2a, 0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x80, 0xf1, 0xa5, 0x44, diff --git a/lib/wrappers/wrappers.proto b/lib/wrappers/wrappers.proto index a784878043dea..e4abc8a0d1a7e 100644 --- a/lib/wrappers/wrappers.proto +++ b/lib/wrappers/wrappers.proto @@ -7,15 +7,13 @@ option (gogoproto.marshaler_all) = true; option (gogoproto.unmarshaler_all) = true; option (gogoproto.goproto_getters_all) = false; - // StringValues is a list of strings. -message StringValues { - repeated string Values = 1; -} +message StringValues { repeated string Values = 1; } // LabelValues is a list of key value pairs, where key is a string // and value is a list of string values. message LabelValues { // Values contains key value pairs. - map Values = 1 [(gogoproto.nullable) = false, (gogoproto.jsontag) = "labels"]; + map Values = 1 + [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "labels" ]; }