diff --git a/go.mod b/go.mod index e7cdf8e..1539861 100644 --- a/go.mod +++ b/go.mod @@ -8,6 +8,7 @@ require ( github.com/go-playground/validator/v10 v10.27.0 github.com/golang-jwt/jwt/v5 v5.3.1 github.com/golang-migrate/migrate/v4 v4.19.0 + github.com/golang/protobuf v1.5.4 github.com/jackc/pgx/v5 v5.7.6 github.com/nats-io/nats.go v1.47.0 github.com/rs/zerolog v1.34.0 diff --git a/pkg/api/gen/go/authz/v1/authz.pb.go b/pkg/api/gen/go/authz/v1/authz.pb.go index a83f078..4014e84 100644 --- a/pkg/api/gen/go/authz/v1/authz.pb.go +++ b/pkg/api/gen/go/authz/v1/authz.pb.go @@ -4,7 +4,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc (unknown) +// protoc v3.12.4 // source: authz/v1/authz.proto package authzv1 diff --git a/pkg/api/gen/go/authz/v1/authz_grpc.pb.go b/pkg/api/gen/go/authz/v1/authz_grpc.pb.go index 57c48d0..5df4f40 100644 --- a/pkg/api/gen/go/authz/v1/authz_grpc.pb.go +++ b/pkg/api/gen/go/authz/v1/authz_grpc.pb.go @@ -4,7 +4,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.6.1 -// - protoc (unknown) +// - protoc v3.12.4 // source: authz/v1/authz.proto package authzv1 diff --git a/pkg/api/gen/go/cloudshell/cloudshell.pb.go b/pkg/api/gen/go/cloudshell/cloudshell.pb.go index 8abcd3d..46b6190 100644 --- a/pkg/api/gen/go/cloudshell/cloudshell.pb.go +++ b/pkg/api/gen/go/cloudshell/cloudshell.pb.go @@ -4,7 +4,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc (unknown) +// protoc v3.12.4 // source: cloudshell/cloudshell.proto package cloudshellv1 diff --git a/pkg/api/gen/go/common/v1/common.pb.go b/pkg/api/gen/go/common/v1/common.pb.go index 9b089a0..7872650 100644 --- a/pkg/api/gen/go/common/v1/common.pb.go +++ b/pkg/api/gen/go/common/v1/common.pb.go @@ -4,7 +4,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc (unknown) +// protoc v3.12.4 // source: common/v1/common.proto // Package common.v1 defines shared message types used across all k8Shell @@ -14,9 +14,9 @@ package commonv1 import ( + timestamp "github.com/golang/protobuf/ptypes/timestamp" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" - timestamppb "google.golang.org/protobuf/types/known/timestamppb" reflect "reflect" sync "sync" unsafe "unsafe" @@ -39,7 +39,7 @@ type User struct { // is_valid indicates whether the user's session or token is currently valid. IsValid bool `protobuf:"varint,3,opt,name=is_valid,json=isValid,proto3" json:"is_valid,omitempty"` // expires_at is the time at which the user's session expires. - ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` + ExpiresAt *timestamp.Timestamp `protobuf:"bytes,4,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` // uid is the POSIX user ID assigned to the user. Uid uint32 `protobuf:"varint,5,opt,name=uid,proto3" json:"uid,omitempty"` // gid is the POSIX primary group ID assigned to the user. @@ -121,7 +121,7 @@ func (x *User) GetIsValid() bool { return false } -func (x *User) GetExpiresAt() *timestamppb.Timestamp { +func (x *User) GetExpiresAt() *timestamp.Timestamp { if x != nil { return x.ExpiresAt } @@ -240,11 +240,11 @@ type UserCredential struct { // is_active indicates whether this credential is currently active. IsActive bool `protobuf:"varint,7,opt,name=is_active,json=isActive,proto3" json:"is_active,omitempty"` // created_at is the time the credential was created. - CreatedAt *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"` + CreatedAt *timestamp.Timestamp `protobuf:"bytes,8,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"` // updated_at is the time the credential was last updated. - UpdatedAt *timestamppb.Timestamp `protobuf:"bytes,9,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"` + UpdatedAt *timestamp.Timestamp `protobuf:"bytes,9,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"` // expires_at is the time at which the secret expires, if known. - ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,10,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` + ExpiresAt *timestamp.Timestamp `protobuf:"bytes,10,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } @@ -335,21 +335,21 @@ func (x *UserCredential) GetIsActive() bool { return false } -func (x *UserCredential) GetCreatedAt() *timestamppb.Timestamp { +func (x *UserCredential) GetCreatedAt() *timestamp.Timestamp { if x != nil { return x.CreatedAt } return nil } -func (x *UserCredential) GetUpdatedAt() *timestamppb.Timestamp { +func (x *UserCredential) GetUpdatedAt() *timestamp.Timestamp { if x != nil { return x.UpdatedAt } return nil } -func (x *UserCredential) GetExpiresAt() *timestamppb.Timestamp { +func (x *UserCredential) GetExpiresAt() *timestamp.Timestamp { if x != nil { return x.ExpiresAt } @@ -639,7 +639,7 @@ func (x *UserOnboardCapability) GetCanOnboard() bool { type WorkspaceStatus struct { state protoimpl.MessageState `protogen:"open.v1"` // created is the time the workspace was created. - Created *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=created,proto3" json:"created,omitempty"` + Created *timestamp.Timestamp `protobuf:"bytes,1,opt,name=created,proto3" json:"created,omitempty"` // status is the current workspace status (e.g. "Starting", "Running", "Failing"). Status string `protobuf:"bytes,2,opt,name=status,proto3" json:"status,omitempty"` // message provides additional human-readable detail about the current status. @@ -683,7 +683,7 @@ func (*WorkspaceStatus) Descriptor() ([]byte, []int) { return file_common_v1_common_proto_rawDescGZIP(), []int{6} } -func (x *WorkspaceStatus) GetCreated() *timestamppb.Timestamp { +func (x *WorkspaceStatus) GetCreated() *timestamp.Timestamp { if x != nil { return x.Created } @@ -1106,7 +1106,7 @@ var file_common_v1_common_proto_goTypes = []any{ (*WorkspaceStatus)(nil), // 6: common.v1.WorkspaceStatus (*WorkspaceDetails)(nil), // 7: common.v1.WorkspaceDetails (*BlueprintSummary)(nil), // 8: common.v1.BlueprintSummary - (*timestamppb.Timestamp)(nil), // 9: google.protobuf.Timestamp + (*timestamp.Timestamp)(nil), // 9: google.protobuf.Timestamp } var file_common_v1_common_proto_depIdxs = []int32{ 9, // 0: common.v1.User.expires_at:type_name -> google.protobuf.Timestamp diff --git a/pkg/api/gen/go/console/webfiles/v1/webfiles.pb.go b/pkg/api/gen/go/console/webfiles/v1/webfiles.pb.go index 3a446cc..e4525ca 100644 --- a/pkg/api/gen/go/console/webfiles/v1/webfiles.pb.go +++ b/pkg/api/gen/go/console/webfiles/v1/webfiles.pb.go @@ -4,7 +4,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc (unknown) +// protoc v3.12.4 // source: console/webfiles/v1/webfiles.proto package webfilesv1 diff --git a/pkg/api/gen/go/console/webshell/v1/webshell.pb.go b/pkg/api/gen/go/console/webshell/v1/webshell.pb.go index af5a06d..56e1f1e 100644 --- a/pkg/api/gen/go/console/webshell/v1/webshell.pb.go +++ b/pkg/api/gen/go/console/webshell/v1/webshell.pb.go @@ -4,7 +4,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc (unknown) +// protoc v3.12.4 // source: console/webshell/v1/webshell.proto package webshellv1 diff --git a/pkg/api/gen/go/identity/v1/identity.pb.go b/pkg/api/gen/go/identity/v1/identity.pb.go index 4d19eb9..fcaa8e5 100644 --- a/pkg/api/gen/go/identity/v1/identity.pb.go +++ b/pkg/api/gen/go/identity/v1/identity.pb.go @@ -4,17 +4,18 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc (unknown) +// protoc v3.12.4 // source: identity/v1/identity.proto package identityv1 import ( + duration "github.com/golang/protobuf/ptypes/duration" + timestamp "github.com/golang/protobuf/ptypes/timestamp" + wrappers "github.com/golang/protobuf/ptypes/wrappers" v1 "github.com/k8shell-io/common/pkg/api/gen/go/common/v1" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" - durationpb "google.golang.org/protobuf/types/known/durationpb" - timestamppb "google.golang.org/protobuf/types/known/timestamppb" reflect "reflect" sync "sync" unsafe "unsafe" @@ -27,6 +28,101 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) +// UpdateUserRequest carries a partial update for a user record. +// Only wrapper-typed fields that are set (non-nil) and repeated fields that +// are non-empty will be applied; unset fields leave the existing value intact. +type UpdateUserRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` + Fullname *wrappers.StringValue `protobuf:"bytes,2,opt,name=fullname,proto3" json:"fullname,omitempty"` + Roles []string `protobuf:"bytes,3,rep,name=roles,proto3" json:"roles,omitempty"` + Sudo *wrappers.BoolValue `protobuf:"bytes,4,opt,name=sudo,proto3" json:"sudo,omitempty"` + Blueprints []string `protobuf:"bytes,5,rep,name=blueprints,proto3" json:"blueprints,omitempty"` + Locked *wrappers.BoolValue `protobuf:"bytes,6,opt,name=locked,proto3" json:"locked,omitempty"` + AuthKeys []string `protobuf:"bytes,7,rep,name=auth_keys,json=authKeys,proto3" json:"auth_keys,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *UpdateUserRequest) Reset() { + *x = UpdateUserRequest{} + mi := &file_identity_v1_identity_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *UpdateUserRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UpdateUserRequest) ProtoMessage() {} + +func (x *UpdateUserRequest) ProtoReflect() protoreflect.Message { + mi := &file_identity_v1_identity_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UpdateUserRequest.ProtoReflect.Descriptor instead. +func (*UpdateUserRequest) Descriptor() ([]byte, []int) { + return file_identity_v1_identity_proto_rawDescGZIP(), []int{0} +} + +func (x *UpdateUserRequest) GetUsername() string { + if x != nil { + return x.Username + } + return "" +} + +func (x *UpdateUserRequest) GetFullname() *wrappers.StringValue { + if x != nil { + return x.Fullname + } + return nil +} + +func (x *UpdateUserRequest) GetRoles() []string { + if x != nil { + return x.Roles + } + return nil +} + +func (x *UpdateUserRequest) GetSudo() *wrappers.BoolValue { + if x != nil { + return x.Sudo + } + return nil +} + +func (x *UpdateUserRequest) GetBlueprints() []string { + if x != nil { + return x.Blueprints + } + return nil +} + +func (x *UpdateUserRequest) GetLocked() *wrappers.BoolValue { + if x != nil { + return x.Locked + } + return nil +} + +func (x *UpdateUserRequest) GetAuthKeys() []string { + if x != nil { + return x.AuthKeys + } + return nil +} + // IssueUserTokenRequest carries the username for a token issuance request. type IssueUserTokenRequest struct { state protoimpl.MessageState `protogen:"open.v1"` @@ -38,7 +134,7 @@ type IssueUserTokenRequest struct { func (x *IssueUserTokenRequest) Reset() { *x = IssueUserTokenRequest{} - mi := &file_identity_v1_identity_proto_msgTypes[0] + mi := &file_identity_v1_identity_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -50,7 +146,7 @@ func (x *IssueUserTokenRequest) String() string { func (*IssueUserTokenRequest) ProtoMessage() {} func (x *IssueUserTokenRequest) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[0] + mi := &file_identity_v1_identity_proto_msgTypes[1] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -63,7 +159,7 @@ func (x *IssueUserTokenRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use IssueUserTokenRequest.ProtoReflect.Descriptor instead. func (*IssueUserTokenRequest) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{0} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{1} } func (x *IssueUserTokenRequest) GetUsername() string { @@ -90,7 +186,7 @@ type IssueUserTokenResponse struct { func (x *IssueUserTokenResponse) Reset() { *x = IssueUserTokenResponse{} - mi := &file_identity_v1_identity_proto_msgTypes[1] + mi := &file_identity_v1_identity_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -102,7 +198,7 @@ func (x *IssueUserTokenResponse) String() string { func (*IssueUserTokenResponse) ProtoMessage() {} func (x *IssueUserTokenResponse) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[1] + mi := &file_identity_v1_identity_proto_msgTypes[2] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -115,7 +211,7 @@ func (x *IssueUserTokenResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use IssueUserTokenResponse.ProtoReflect.Descriptor instead. func (*IssueUserTokenResponse) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{1} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{2} } func (x *IssueUserTokenResponse) GetUserToken() string { @@ -137,7 +233,7 @@ type CompleteUserDeviceFlowRequest struct { func (x *CompleteUserDeviceFlowRequest) Reset() { *x = CompleteUserDeviceFlowRequest{} - mi := &file_identity_v1_identity_proto_msgTypes[2] + mi := &file_identity_v1_identity_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -149,7 +245,7 @@ func (x *CompleteUserDeviceFlowRequest) String() string { func (*CompleteUserDeviceFlowRequest) ProtoMessage() {} func (x *CompleteUserDeviceFlowRequest) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[2] + mi := &file_identity_v1_identity_proto_msgTypes[3] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -162,7 +258,7 @@ func (x *CompleteUserDeviceFlowRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use CompleteUserDeviceFlowRequest.ProtoReflect.Descriptor instead. func (*CompleteUserDeviceFlowRequest) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{2} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{3} } func (x *CompleteUserDeviceFlowRequest) GetProvider() string { @@ -189,7 +285,7 @@ type CompleteUserDeviceFlowResponse struct { func (x *CompleteUserDeviceFlowResponse) Reset() { *x = CompleteUserDeviceFlowResponse{} - mi := &file_identity_v1_identity_proto_msgTypes[3] + mi := &file_identity_v1_identity_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -201,7 +297,7 @@ func (x *CompleteUserDeviceFlowResponse) String() string { func (*CompleteUserDeviceFlowResponse) ProtoMessage() {} func (x *CompleteUserDeviceFlowResponse) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[3] + mi := &file_identity_v1_identity_proto_msgTypes[4] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -214,7 +310,7 @@ func (x *CompleteUserDeviceFlowResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use CompleteUserDeviceFlowResponse.ProtoReflect.Descriptor instead. func (*CompleteUserDeviceFlowResponse) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{3} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{4} } // CompleteUserWebFlowResponse carries the user token issued upon successful completion of the web flow onboarding process. @@ -231,7 +327,7 @@ type CompleteUserWebFlowResponse struct { func (x *CompleteUserWebFlowResponse) Reset() { *x = CompleteUserWebFlowResponse{} - mi := &file_identity_v1_identity_proto_msgTypes[4] + mi := &file_identity_v1_identity_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -243,7 +339,7 @@ func (x *CompleteUserWebFlowResponse) String() string { func (*CompleteUserWebFlowResponse) ProtoMessage() {} func (x *CompleteUserWebFlowResponse) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[4] + mi := &file_identity_v1_identity_proto_msgTypes[5] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -256,7 +352,7 @@ func (x *CompleteUserWebFlowResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use CompleteUserWebFlowResponse.ProtoReflect.Descriptor instead. func (*CompleteUserWebFlowResponse) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{4} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{5} } func (x *CompleteUserWebFlowResponse) GetUserToken() string { @@ -297,7 +393,7 @@ type ListUserCredentialsResponse struct { func (x *ListUserCredentialsResponse) Reset() { *x = ListUserCredentialsResponse{} - mi := &file_identity_v1_identity_proto_msgTypes[5] + mi := &file_identity_v1_identity_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -309,7 +405,7 @@ func (x *ListUserCredentialsResponse) String() string { func (*ListUserCredentialsResponse) ProtoMessage() {} func (x *ListUserCredentialsResponse) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[5] + mi := &file_identity_v1_identity_proto_msgTypes[6] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -322,7 +418,7 @@ func (x *ListUserCredentialsResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use ListUserCredentialsResponse.ProtoReflect.Descriptor instead. func (*ListUserCredentialsResponse) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{5} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{6} } func (x *ListUserCredentialsResponse) GetCredentials() []*v1.UserCredential { @@ -344,7 +440,7 @@ type GetUserCredentialRequest struct { func (x *GetUserCredentialRequest) Reset() { *x = GetUserCredentialRequest{} - mi := &file_identity_v1_identity_proto_msgTypes[6] + mi := &file_identity_v1_identity_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -356,7 +452,7 @@ func (x *GetUserCredentialRequest) String() string { func (*GetUserCredentialRequest) ProtoMessage() {} func (x *GetUserCredentialRequest) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[6] + mi := &file_identity_v1_identity_proto_msgTypes[7] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -369,7 +465,7 @@ func (x *GetUserCredentialRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetUserCredentialRequest.ProtoReflect.Descriptor instead. func (*GetUserCredentialRequest) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{6} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{7} } func (x *GetUserCredentialRequest) GetUsername() string { @@ -403,7 +499,7 @@ type AddUserCredentialResponse struct { func (x *AddUserCredentialResponse) Reset() { *x = AddUserCredentialResponse{} - mi := &file_identity_v1_identity_proto_msgTypes[7] + mi := &file_identity_v1_identity_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -415,7 +511,7 @@ func (x *AddUserCredentialResponse) String() string { func (*AddUserCredentialResponse) ProtoMessage() {} func (x *AddUserCredentialResponse) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[7] + mi := &file_identity_v1_identity_proto_msgTypes[8] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -428,7 +524,7 @@ func (x *AddUserCredentialResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use AddUserCredentialResponse.ProtoReflect.Descriptor instead. func (*AddUserCredentialResponse) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{7} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{8} } func (x *AddUserCredentialResponse) GetCredential() *v1.UserCredential { @@ -448,7 +544,7 @@ type UpdateUserCredentialResponse struct { func (x *UpdateUserCredentialResponse) Reset() { *x = UpdateUserCredentialResponse{} - mi := &file_identity_v1_identity_proto_msgTypes[8] + mi := &file_identity_v1_identity_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -460,7 +556,7 @@ func (x *UpdateUserCredentialResponse) String() string { func (*UpdateUserCredentialResponse) ProtoMessage() {} func (x *UpdateUserCredentialResponse) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[8] + mi := &file_identity_v1_identity_proto_msgTypes[9] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -473,7 +569,7 @@ func (x *UpdateUserCredentialResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use UpdateUserCredentialResponse.ProtoReflect.Descriptor instead. func (*UpdateUserCredentialResponse) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{8} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{9} } func (x *UpdateUserCredentialResponse) GetCredential() *v1.UserCredential { @@ -493,7 +589,7 @@ type DeleteUserCredentialRequest struct { func (x *DeleteUserCredentialRequest) Reset() { *x = DeleteUserCredentialRequest{} - mi := &file_identity_v1_identity_proto_msgTypes[9] + mi := &file_identity_v1_identity_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -505,7 +601,7 @@ func (x *DeleteUserCredentialRequest) String() string { func (*DeleteUserCredentialRequest) ProtoMessage() {} func (x *DeleteUserCredentialRequest) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[9] + mi := &file_identity_v1_identity_proto_msgTypes[10] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -518,7 +614,7 @@ func (x *DeleteUserCredentialRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use DeleteUserCredentialRequest.ProtoReflect.Descriptor instead. func (*DeleteUserCredentialRequest) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{9} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{10} } func (x *DeleteUserCredentialRequest) GetId() uint32 { @@ -538,7 +634,7 @@ type DeleteUserCredentialResponse struct { func (x *DeleteUserCredentialResponse) Reset() { *x = DeleteUserCredentialResponse{} - mi := &file_identity_v1_identity_proto_msgTypes[10] + mi := &file_identity_v1_identity_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -550,7 +646,7 @@ func (x *DeleteUserCredentialResponse) String() string { func (*DeleteUserCredentialResponse) ProtoMessage() {} func (x *DeleteUserCredentialResponse) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[10] + mi := &file_identity_v1_identity_proto_msgTypes[11] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -563,7 +659,7 @@ func (x *DeleteUserCredentialResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use DeleteUserCredentialResponse.ProtoReflect.Descriptor instead. func (*DeleteUserCredentialResponse) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{10} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{11} } func (x *DeleteUserCredentialResponse) GetSuccess() bool { @@ -582,7 +678,7 @@ type GetAvailableIdentityProvidersRequest struct { func (x *GetAvailableIdentityProvidersRequest) Reset() { *x = GetAvailableIdentityProvidersRequest{} - mi := &file_identity_v1_identity_proto_msgTypes[11] + mi := &file_identity_v1_identity_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -594,7 +690,7 @@ func (x *GetAvailableIdentityProvidersRequest) String() string { func (*GetAvailableIdentityProvidersRequest) ProtoMessage() {} func (x *GetAvailableIdentityProvidersRequest) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[11] + mi := &file_identity_v1_identity_proto_msgTypes[12] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -607,7 +703,7 @@ func (x *GetAvailableIdentityProvidersRequest) ProtoReflect() protoreflect.Messa // Deprecated: Use GetAvailableIdentityProvidersRequest.ProtoReflect.Descriptor instead. func (*GetAvailableIdentityProvidersRequest) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{11} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{12} } // GetAvailableIdentityProvidersResponse carries the list of available identity providers. @@ -620,7 +716,7 @@ type GetAvailableIdentityProvidersResponse struct { func (x *GetAvailableIdentityProvidersResponse) Reset() { *x = GetAvailableIdentityProvidersResponse{} - mi := &file_identity_v1_identity_proto_msgTypes[12] + mi := &file_identity_v1_identity_proto_msgTypes[13] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -632,7 +728,7 @@ func (x *GetAvailableIdentityProvidersResponse) String() string { func (*GetAvailableIdentityProvidersResponse) ProtoMessage() {} func (x *GetAvailableIdentityProvidersResponse) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[12] + mi := &file_identity_v1_identity_proto_msgTypes[13] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -645,7 +741,7 @@ func (x *GetAvailableIdentityProvidersResponse) ProtoReflect() protoreflect.Mess // Deprecated: Use GetAvailableIdentityProvidersResponse.ProtoReflect.Descriptor instead. func (*GetAvailableIdentityProvidersResponse) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{12} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{13} } func (x *GetAvailableIdentityProvidersResponse) GetProviders() []*IdentityProviderInfo { @@ -661,14 +757,14 @@ type CreateAccessTokenRequest struct { Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` Scopes []string `protobuf:"bytes,3,rep,name=scopes,proto3" json:"scopes,omitempty"` - ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` // omit for non-expiring tokens + ExpiresAt *timestamp.Timestamp `protobuf:"bytes,4,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` // omit for non-expiring tokens unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *CreateAccessTokenRequest) Reset() { *x = CreateAccessTokenRequest{} - mi := &file_identity_v1_identity_proto_msgTypes[13] + mi := &file_identity_v1_identity_proto_msgTypes[14] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -680,7 +776,7 @@ func (x *CreateAccessTokenRequest) String() string { func (*CreateAccessTokenRequest) ProtoMessage() {} func (x *CreateAccessTokenRequest) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[13] + mi := &file_identity_v1_identity_proto_msgTypes[14] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -693,7 +789,7 @@ func (x *CreateAccessTokenRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use CreateAccessTokenRequest.ProtoReflect.Descriptor instead. func (*CreateAccessTokenRequest) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{13} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{14} } func (x *CreateAccessTokenRequest) GetUsername() string { @@ -717,7 +813,7 @@ func (x *CreateAccessTokenRequest) GetScopes() []string { return nil } -func (x *CreateAccessTokenRequest) GetExpiresAt() *timestamppb.Timestamp { +func (x *CreateAccessTokenRequest) GetExpiresAt() *timestamp.Timestamp { if x != nil { return x.ExpiresAt } @@ -736,7 +832,7 @@ type CreateAccessTokenResponse struct { func (x *CreateAccessTokenResponse) Reset() { *x = CreateAccessTokenResponse{} - mi := &file_identity_v1_identity_proto_msgTypes[14] + mi := &file_identity_v1_identity_proto_msgTypes[15] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -748,7 +844,7 @@ func (x *CreateAccessTokenResponse) String() string { func (*CreateAccessTokenResponse) ProtoMessage() {} func (x *CreateAccessTokenResponse) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[14] + mi := &file_identity_v1_identity_proto_msgTypes[15] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -761,7 +857,7 @@ func (x *CreateAccessTokenResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use CreateAccessTokenResponse.ProtoReflect.Descriptor instead. func (*CreateAccessTokenResponse) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{14} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{15} } func (x *CreateAccessTokenResponse) GetId() int64 { @@ -788,7 +884,7 @@ type ListAccessTokensResponse struct { func (x *ListAccessTokensResponse) Reset() { *x = ListAccessTokensResponse{} - mi := &file_identity_v1_identity_proto_msgTypes[15] + mi := &file_identity_v1_identity_proto_msgTypes[16] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -800,7 +896,7 @@ func (x *ListAccessTokensResponse) String() string { func (*ListAccessTokensResponse) ProtoMessage() {} func (x *ListAccessTokensResponse) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[15] + mi := &file_identity_v1_identity_proto_msgTypes[16] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -813,7 +909,7 @@ func (x *ListAccessTokensResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use ListAccessTokensResponse.ProtoReflect.Descriptor instead. func (*ListAccessTokensResponse) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{15} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{16} } func (x *ListAccessTokensResponse) GetTokens() []*AccessTokenInfo { @@ -834,7 +930,7 @@ type RevokeAccessTokenRequest struct { func (x *RevokeAccessTokenRequest) Reset() { *x = RevokeAccessTokenRequest{} - mi := &file_identity_v1_identity_proto_msgTypes[16] + mi := &file_identity_v1_identity_proto_msgTypes[17] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -846,7 +942,7 @@ func (x *RevokeAccessTokenRequest) String() string { func (*RevokeAccessTokenRequest) ProtoMessage() {} func (x *RevokeAccessTokenRequest) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[16] + mi := &file_identity_v1_identity_proto_msgTypes[17] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -859,7 +955,7 @@ func (x *RevokeAccessTokenRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use RevokeAccessTokenRequest.ProtoReflect.Descriptor instead. func (*RevokeAccessTokenRequest) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{16} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{17} } func (x *RevokeAccessTokenRequest) GetId() int64 { @@ -886,7 +982,7 @@ type RevokeAccessTokenResponse struct { func (x *RevokeAccessTokenResponse) Reset() { *x = RevokeAccessTokenResponse{} - mi := &file_identity_v1_identity_proto_msgTypes[17] + mi := &file_identity_v1_identity_proto_msgTypes[18] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -898,7 +994,7 @@ func (x *RevokeAccessTokenResponse) String() string { func (*RevokeAccessTokenResponse) ProtoMessage() {} func (x *RevokeAccessTokenResponse) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[17] + mi := &file_identity_v1_identity_proto_msgTypes[18] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -911,7 +1007,7 @@ func (x *RevokeAccessTokenResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use RevokeAccessTokenResponse.ProtoReflect.Descriptor instead. func (*RevokeAccessTokenResponse) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{17} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{18} } func (x *RevokeAccessTokenResponse) GetSuccess() bool { @@ -925,14 +1021,14 @@ func (x *RevokeAccessTokenResponse) GetSuccess() bool { type ResolveAccessTokenRequest struct { state protoimpl.MessageState `protogen:"open.v1"` Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"` - Expiry *durationpb.Duration `protobuf:"bytes,2,opt,name=expiry,proto3" json:"expiry,omitempty"` // JWT lifetime to issue; omit to use the server default + Expiry *duration.Duration `protobuf:"bytes,2,opt,name=expiry,proto3" json:"expiry,omitempty"` // JWT lifetime to issue; omit to use the server default unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *ResolveAccessTokenRequest) Reset() { *x = ResolveAccessTokenRequest{} - mi := &file_identity_v1_identity_proto_msgTypes[18] + mi := &file_identity_v1_identity_proto_msgTypes[19] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -944,7 +1040,7 @@ func (x *ResolveAccessTokenRequest) String() string { func (*ResolveAccessTokenRequest) ProtoMessage() {} func (x *ResolveAccessTokenRequest) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[18] + mi := &file_identity_v1_identity_proto_msgTypes[19] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -957,7 +1053,7 @@ func (x *ResolveAccessTokenRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use ResolveAccessTokenRequest.ProtoReflect.Descriptor instead. func (*ResolveAccessTokenRequest) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{18} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{19} } func (x *ResolveAccessTokenRequest) GetToken() string { @@ -967,7 +1063,7 @@ func (x *ResolveAccessTokenRequest) GetToken() string { return "" } -func (x *ResolveAccessTokenRequest) GetExpiry() *durationpb.Duration { +func (x *ResolveAccessTokenRequest) GetExpiry() *duration.Duration { if x != nil { return x.Expiry } @@ -989,7 +1085,7 @@ type ResolveAccessTokenResponse struct { func (x *ResolveAccessTokenResponse) Reset() { *x = ResolveAccessTokenResponse{} - mi := &file_identity_v1_identity_proto_msgTypes[19] + mi := &file_identity_v1_identity_proto_msgTypes[20] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1001,7 +1097,7 @@ func (x *ResolveAccessTokenResponse) String() string { func (*ResolveAccessTokenResponse) ProtoMessage() {} func (x *ResolveAccessTokenResponse) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_identity_proto_msgTypes[19] + mi := &file_identity_v1_identity_proto_msgTypes[20] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1014,7 +1110,7 @@ func (x *ResolveAccessTokenResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use ResolveAccessTokenResponse.ProtoReflect.Descriptor instead. func (*ResolveAccessTokenResponse) Descriptor() ([]byte, []int) { - return file_identity_v1_identity_proto_rawDescGZIP(), []int{19} + return file_identity_v1_identity_proto_rawDescGZIP(), []int{20} } func (x *ResolveAccessTokenResponse) GetUser() *v1.User { @@ -1042,7 +1138,17 @@ var File_identity_v1_identity_proto protoreflect.FileDescriptor const file_identity_v1_identity_proto_rawDesc = "" + "\n" + - "\x1aidentity/v1/identity.proto\x12\videntity.v1\x1a\x16common/v1/common.proto\x1a\x1egoogle/protobuf/duration.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17identity/v1/types.proto\"K\n" + + "\x1aidentity/v1/identity.proto\x12\videntity.v1\x1a\x16common/v1/common.proto\x1a\x1egoogle/protobuf/duration.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1egoogle/protobuf/wrappers.proto\x1a\x17identity/v1/types.proto\"\xa0\x02\n" + + "\x11UpdateUserRequest\x12\x1a\n" + + "\busername\x18\x01 \x01(\tR\busername\x128\n" + + "\bfullname\x18\x02 \x01(\v2\x1c.google.protobuf.StringValueR\bfullname\x12\x14\n" + + "\x05roles\x18\x03 \x03(\tR\x05roles\x12.\n" + + "\x04sudo\x18\x04 \x01(\v2\x1a.google.protobuf.BoolValueR\x04sudo\x12\x1e\n" + + "\n" + + "blueprints\x18\x05 \x03(\tR\n" + + "blueprints\x122\n" + + "\x06locked\x18\x06 \x01(\v2\x1a.google.protobuf.BoolValueR\x06locked\x12\x1b\n" + + "\tauth_keys\x18\a \x03(\tR\bauthKeys\"K\n" + "\x15IssueUserTokenRequest\x12\x1a\n" + "\busername\x18\x01 \x01(\tR\busername\x12\x16\n" + "\x06source\x18\x02 \x01(\tR\x06source\"7\n" + @@ -1103,7 +1209,7 @@ const file_identity_v1_identity_proto_rawDesc = "" + "\x04user\x18\x01 \x01(\v2\x0f.common.v1.UserR\x04user\x12\x16\n" + "\x06scopes\x18\x02 \x03(\tR\x06scopes\x12\x1d\n" + "\n" + - "user_token\x18\x03 \x01(\tR\tuserToken2\xb9\x0f\n" + + "user_token\x18\x03 \x01(\tR\tuserToken2\xa1\x13\n" + "\x0fIdentityService\x129\n" + "\bFindUser\x12\x1c.identity.v1.FindUserRequest\x1a\x0f.common.v1.User\x12?\n" + "\bGetUsers\x12\x1c.identity.v1.GetUsersRequest\x1a\x15.identity.v1.UserList\x12Y\n" + @@ -1118,7 +1224,15 @@ const file_identity_v1_identity_proto_rawDesc = "" + "\x17ResolvePullRequestToRef\x12#.identity.v1.RepoPullRequestRequest\x1a\x1c.identity.v1.RepoRefResponse\x12V\n" + "\x13ListUserCredentials\x12\x15.identity.v1.Username\x1a(.identity.v1.ListUserCredentialsResponse\x12U\n" + "\x11GetUserCredential\x12%.identity.v1.GetUserCredentialRequest\x1a\x19.common.v1.UserCredential\x12V\n" + - "\x11AddUserCredential\x12\x19.common.v1.UserCredential\x1a&.identity.v1.AddUserCredentialResponse\x12\\\n" + + "\x11AddUserCredential\x12\x19.common.v1.UserCredential\x1a&.identity.v1.AddUserCredentialResponse\x12=\n" + + "\n" + + "UpdateUser\x12\x1e.identity.v1.UpdateUserRequest\x1a\x0f.common.v1.User\x12>\n" + + "\fAddUserRoles\x12\x1d.identity.v1.UserRolesRequest\x1a\x0f.common.v1.User\x12A\n" + + "\x0fRemoveUserRoles\x12\x1d.identity.v1.UserRolesRequest\x1a\x0f.common.v1.User\x12H\n" + + "\x11AddUserBlueprints\x12\".identity.v1.UserBlueprintsRequest\x1a\x0f.common.v1.User\x12K\n" + + "\x14RemoveUserBlueprints\x12\".identity.v1.UserBlueprintsRequest\x1a\x0f.common.v1.User\x12D\n" + + "\x0fAddUserAuthKeys\x12 .identity.v1.UserAuthKeysRequest\x1a\x0f.common.v1.User\x12G\n" + + "\x12RemoveUserAuthKeys\x12 .identity.v1.UserAuthKeysRequest\x1a\x0f.common.v1.User\x12\\\n" + "\x14UpdateUserCredential\x12\x19.common.v1.UserCredential\x1a).identity.v1.UpdateUserCredentialResponse\x12k\n" + "\x14DeleteUserCredential\x12(.identity.v1.DeleteUserCredentialRequest\x1a).identity.v1.DeleteUserCredentialResponse\x12\x86\x01\n" + "\x1dGetAvailableIdentityProviders\x121.identity.v1.GetAvailableIdentityProvidersRequest\x1a2.identity.v1.GetAvailableIdentityProvidersResponse\x12b\n" + @@ -1139,107 +1253,130 @@ func file_identity_v1_identity_proto_rawDescGZIP() []byte { return file_identity_v1_identity_proto_rawDescData } -var file_identity_v1_identity_proto_msgTypes = make([]protoimpl.MessageInfo, 20) +var file_identity_v1_identity_proto_msgTypes = make([]protoimpl.MessageInfo, 21) var file_identity_v1_identity_proto_goTypes = []any{ - (*IssueUserTokenRequest)(nil), // 0: identity.v1.IssueUserTokenRequest - (*IssueUserTokenResponse)(nil), // 1: identity.v1.IssueUserTokenResponse - (*CompleteUserDeviceFlowRequest)(nil), // 2: identity.v1.CompleteUserDeviceFlowRequest - (*CompleteUserDeviceFlowResponse)(nil), // 3: identity.v1.CompleteUserDeviceFlowResponse - (*CompleteUserWebFlowResponse)(nil), // 4: identity.v1.CompleteUserWebFlowResponse - (*ListUserCredentialsResponse)(nil), // 5: identity.v1.ListUserCredentialsResponse - (*GetUserCredentialRequest)(nil), // 6: identity.v1.GetUserCredentialRequest - (*AddUserCredentialResponse)(nil), // 7: identity.v1.AddUserCredentialResponse - (*UpdateUserCredentialResponse)(nil), // 8: identity.v1.UpdateUserCredentialResponse - (*DeleteUserCredentialRequest)(nil), // 9: identity.v1.DeleteUserCredentialRequest - (*DeleteUserCredentialResponse)(nil), // 10: identity.v1.DeleteUserCredentialResponse - (*GetAvailableIdentityProvidersRequest)(nil), // 11: identity.v1.GetAvailableIdentityProvidersRequest - (*GetAvailableIdentityProvidersResponse)(nil), // 12: identity.v1.GetAvailableIdentityProvidersResponse - (*CreateAccessTokenRequest)(nil), // 13: identity.v1.CreateAccessTokenRequest - (*CreateAccessTokenResponse)(nil), // 14: identity.v1.CreateAccessTokenResponse - (*ListAccessTokensResponse)(nil), // 15: identity.v1.ListAccessTokensResponse - (*RevokeAccessTokenRequest)(nil), // 16: identity.v1.RevokeAccessTokenRequest - (*RevokeAccessTokenResponse)(nil), // 17: identity.v1.RevokeAccessTokenResponse - (*ResolveAccessTokenRequest)(nil), // 18: identity.v1.ResolveAccessTokenRequest - (*ResolveAccessTokenResponse)(nil), // 19: identity.v1.ResolveAccessTokenResponse - (*v1.UserCredential)(nil), // 20: common.v1.UserCredential - (*IdentityProviderInfo)(nil), // 21: identity.v1.IdentityProviderInfo - (*timestamppb.Timestamp)(nil), // 22: google.protobuf.Timestamp - (*AccessTokenInfo)(nil), // 23: identity.v1.AccessTokenInfo - (*durationpb.Duration)(nil), // 24: google.protobuf.Duration - (*v1.User)(nil), // 25: common.v1.User - (*FindUserRequest)(nil), // 26: identity.v1.FindUserRequest - (*GetUsersRequest)(nil), // 27: identity.v1.GetUsersRequest - (*Username)(nil), // 28: identity.v1.Username - (*OnboardUserDeviceFlowRequest)(nil), // 29: identity.v1.OnboardUserDeviceFlowRequest - (*OnboardUserWebFlowRequest)(nil), // 30: identity.v1.OnboardUserWebFlowRequest - (*CompleteUserWebFlowRequest)(nil), // 31: identity.v1.CompleteUserWebFlowRequest - (*AuthUserPublicKeyRequest)(nil), // 32: identity.v1.AuthUserPublicKeyRequest - (*UserStr)(nil), // 33: identity.v1.UserStr - (*RepoPullRequestRequest)(nil), // 34: identity.v1.RepoPullRequestRequest - (*UserList)(nil), // 35: identity.v1.UserList - (*v1.UserOnboardCapability)(nil), // 36: common.v1.UserOnboardCapability - (*v1.OnboardUserDeviceFlow)(nil), // 37: common.v1.OnboardUserDeviceFlow - (*v1.OnboardUserWebFlow)(nil), // 38: common.v1.OnboardUserWebFlow - (*AuthUserResponse)(nil), // 39: identity.v1.AuthUserResponse - (*Blueprint)(nil), // 40: identity.v1.Blueprint - (*RepoRefResponse)(nil), // 41: identity.v1.RepoRefResponse + (*UpdateUserRequest)(nil), // 0: identity.v1.UpdateUserRequest + (*IssueUserTokenRequest)(nil), // 1: identity.v1.IssueUserTokenRequest + (*IssueUserTokenResponse)(nil), // 2: identity.v1.IssueUserTokenResponse + (*CompleteUserDeviceFlowRequest)(nil), // 3: identity.v1.CompleteUserDeviceFlowRequest + (*CompleteUserDeviceFlowResponse)(nil), // 4: identity.v1.CompleteUserDeviceFlowResponse + (*CompleteUserWebFlowResponse)(nil), // 5: identity.v1.CompleteUserWebFlowResponse + (*ListUserCredentialsResponse)(nil), // 6: identity.v1.ListUserCredentialsResponse + (*GetUserCredentialRequest)(nil), // 7: identity.v1.GetUserCredentialRequest + (*AddUserCredentialResponse)(nil), // 8: identity.v1.AddUserCredentialResponse + (*UpdateUserCredentialResponse)(nil), // 9: identity.v1.UpdateUserCredentialResponse + (*DeleteUserCredentialRequest)(nil), // 10: identity.v1.DeleteUserCredentialRequest + (*DeleteUserCredentialResponse)(nil), // 11: identity.v1.DeleteUserCredentialResponse + (*GetAvailableIdentityProvidersRequest)(nil), // 12: identity.v1.GetAvailableIdentityProvidersRequest + (*GetAvailableIdentityProvidersResponse)(nil), // 13: identity.v1.GetAvailableIdentityProvidersResponse + (*CreateAccessTokenRequest)(nil), // 14: identity.v1.CreateAccessTokenRequest + (*CreateAccessTokenResponse)(nil), // 15: identity.v1.CreateAccessTokenResponse + (*ListAccessTokensResponse)(nil), // 16: identity.v1.ListAccessTokensResponse + (*RevokeAccessTokenRequest)(nil), // 17: identity.v1.RevokeAccessTokenRequest + (*RevokeAccessTokenResponse)(nil), // 18: identity.v1.RevokeAccessTokenResponse + (*ResolveAccessTokenRequest)(nil), // 19: identity.v1.ResolveAccessTokenRequest + (*ResolveAccessTokenResponse)(nil), // 20: identity.v1.ResolveAccessTokenResponse + (*wrappers.StringValue)(nil), // 21: google.protobuf.StringValue + (*wrappers.BoolValue)(nil), // 22: google.protobuf.BoolValue + (*v1.UserCredential)(nil), // 23: common.v1.UserCredential + (*IdentityProviderInfo)(nil), // 24: identity.v1.IdentityProviderInfo + (*timestamp.Timestamp)(nil), // 25: google.protobuf.Timestamp + (*AccessTokenInfo)(nil), // 26: identity.v1.AccessTokenInfo + (*duration.Duration)(nil), // 27: google.protobuf.Duration + (*v1.User)(nil), // 28: common.v1.User + (*FindUserRequest)(nil), // 29: identity.v1.FindUserRequest + (*GetUsersRequest)(nil), // 30: identity.v1.GetUsersRequest + (*Username)(nil), // 31: identity.v1.Username + (*OnboardUserDeviceFlowRequest)(nil), // 32: identity.v1.OnboardUserDeviceFlowRequest + (*OnboardUserWebFlowRequest)(nil), // 33: identity.v1.OnboardUserWebFlowRequest + (*CompleteUserWebFlowRequest)(nil), // 34: identity.v1.CompleteUserWebFlowRequest + (*AuthUserPublicKeyRequest)(nil), // 35: identity.v1.AuthUserPublicKeyRequest + (*UserStr)(nil), // 36: identity.v1.UserStr + (*RepoPullRequestRequest)(nil), // 37: identity.v1.RepoPullRequestRequest + (*UserRolesRequest)(nil), // 38: identity.v1.UserRolesRequest + (*UserBlueprintsRequest)(nil), // 39: identity.v1.UserBlueprintsRequest + (*UserAuthKeysRequest)(nil), // 40: identity.v1.UserAuthKeysRequest + (*UserList)(nil), // 41: identity.v1.UserList + (*v1.UserOnboardCapability)(nil), // 42: common.v1.UserOnboardCapability + (*v1.OnboardUserDeviceFlow)(nil), // 43: common.v1.OnboardUserDeviceFlow + (*v1.OnboardUserWebFlow)(nil), // 44: common.v1.OnboardUserWebFlow + (*AuthUserResponse)(nil), // 45: identity.v1.AuthUserResponse + (*Blueprint)(nil), // 46: identity.v1.Blueprint + (*RepoRefResponse)(nil), // 47: identity.v1.RepoRefResponse } var file_identity_v1_identity_proto_depIdxs = []int32{ - 20, // 0: identity.v1.ListUserCredentialsResponse.credentials:type_name -> common.v1.UserCredential - 20, // 1: identity.v1.AddUserCredentialResponse.credential:type_name -> common.v1.UserCredential - 20, // 2: identity.v1.UpdateUserCredentialResponse.credential:type_name -> common.v1.UserCredential - 21, // 3: identity.v1.GetAvailableIdentityProvidersResponse.providers:type_name -> identity.v1.IdentityProviderInfo - 22, // 4: identity.v1.CreateAccessTokenRequest.expires_at:type_name -> google.protobuf.Timestamp - 23, // 5: identity.v1.ListAccessTokensResponse.tokens:type_name -> identity.v1.AccessTokenInfo - 24, // 6: identity.v1.ResolveAccessTokenRequest.expiry:type_name -> google.protobuf.Duration - 25, // 7: identity.v1.ResolveAccessTokenResponse.user:type_name -> common.v1.User - 26, // 8: identity.v1.IdentityService.FindUser:input_type -> identity.v1.FindUserRequest - 27, // 9: identity.v1.IdentityService.GetUsers:input_type -> identity.v1.GetUsersRequest - 0, // 10: identity.v1.IdentityService.IssueUserToken:input_type -> identity.v1.IssueUserTokenRequest - 28, // 11: identity.v1.IdentityService.GetUserOnboardCapability:input_type -> identity.v1.Username - 29, // 12: identity.v1.IdentityService.OnboardUserDeviceFlow:input_type -> identity.v1.OnboardUserDeviceFlowRequest - 30, // 13: identity.v1.IdentityService.OnboardUserWebFlow:input_type -> identity.v1.OnboardUserWebFlowRequest - 31, // 14: identity.v1.IdentityService.CompleteUserWebFlow:input_type -> identity.v1.CompleteUserWebFlowRequest - 32, // 15: identity.v1.IdentityService.AuthUserPublicKey:input_type -> identity.v1.AuthUserPublicKeyRequest - 2, // 16: identity.v1.IdentityService.CompleteUserDeviceFlow:input_type -> identity.v1.CompleteUserDeviceFlowRequest - 33, // 17: identity.v1.IdentityService.GetBlueprintByUserStr:input_type -> identity.v1.UserStr - 34, // 18: identity.v1.IdentityService.ResolvePullRequestToRef:input_type -> identity.v1.RepoPullRequestRequest - 28, // 19: identity.v1.IdentityService.ListUserCredentials:input_type -> identity.v1.Username - 6, // 20: identity.v1.IdentityService.GetUserCredential:input_type -> identity.v1.GetUserCredentialRequest - 20, // 21: identity.v1.IdentityService.AddUserCredential:input_type -> common.v1.UserCredential - 20, // 22: identity.v1.IdentityService.UpdateUserCredential:input_type -> common.v1.UserCredential - 9, // 23: identity.v1.IdentityService.DeleteUserCredential:input_type -> identity.v1.DeleteUserCredentialRequest - 11, // 24: identity.v1.IdentityService.GetAvailableIdentityProviders:input_type -> identity.v1.GetAvailableIdentityProvidersRequest - 13, // 25: identity.v1.IdentityService.CreateAccessToken:input_type -> identity.v1.CreateAccessTokenRequest - 28, // 26: identity.v1.IdentityService.ListAccessTokens:input_type -> identity.v1.Username - 16, // 27: identity.v1.IdentityService.RevokeAccessToken:input_type -> identity.v1.RevokeAccessTokenRequest - 18, // 28: identity.v1.IdentityService.ResolveAccessToken:input_type -> identity.v1.ResolveAccessTokenRequest - 25, // 29: identity.v1.IdentityService.FindUser:output_type -> common.v1.User - 35, // 30: identity.v1.IdentityService.GetUsers:output_type -> identity.v1.UserList - 1, // 31: identity.v1.IdentityService.IssueUserToken:output_type -> identity.v1.IssueUserTokenResponse - 36, // 32: identity.v1.IdentityService.GetUserOnboardCapability:output_type -> common.v1.UserOnboardCapability - 37, // 33: identity.v1.IdentityService.OnboardUserDeviceFlow:output_type -> common.v1.OnboardUserDeviceFlow - 38, // 34: identity.v1.IdentityService.OnboardUserWebFlow:output_type -> common.v1.OnboardUserWebFlow - 4, // 35: identity.v1.IdentityService.CompleteUserWebFlow:output_type -> identity.v1.CompleteUserWebFlowResponse - 39, // 36: identity.v1.IdentityService.AuthUserPublicKey:output_type -> identity.v1.AuthUserResponse - 3, // 37: identity.v1.IdentityService.CompleteUserDeviceFlow:output_type -> identity.v1.CompleteUserDeviceFlowResponse - 40, // 38: identity.v1.IdentityService.GetBlueprintByUserStr:output_type -> identity.v1.Blueprint - 41, // 39: identity.v1.IdentityService.ResolvePullRequestToRef:output_type -> identity.v1.RepoRefResponse - 5, // 40: identity.v1.IdentityService.ListUserCredentials:output_type -> identity.v1.ListUserCredentialsResponse - 20, // 41: identity.v1.IdentityService.GetUserCredential:output_type -> common.v1.UserCredential - 7, // 42: identity.v1.IdentityService.AddUserCredential:output_type -> identity.v1.AddUserCredentialResponse - 8, // 43: identity.v1.IdentityService.UpdateUserCredential:output_type -> identity.v1.UpdateUserCredentialResponse - 10, // 44: identity.v1.IdentityService.DeleteUserCredential:output_type -> identity.v1.DeleteUserCredentialResponse - 12, // 45: identity.v1.IdentityService.GetAvailableIdentityProviders:output_type -> identity.v1.GetAvailableIdentityProvidersResponse - 14, // 46: identity.v1.IdentityService.CreateAccessToken:output_type -> identity.v1.CreateAccessTokenResponse - 15, // 47: identity.v1.IdentityService.ListAccessTokens:output_type -> identity.v1.ListAccessTokensResponse - 17, // 48: identity.v1.IdentityService.RevokeAccessToken:output_type -> identity.v1.RevokeAccessTokenResponse - 19, // 49: identity.v1.IdentityService.ResolveAccessToken:output_type -> identity.v1.ResolveAccessTokenResponse - 29, // [29:50] is the sub-list for method output_type - 8, // [8:29] is the sub-list for method input_type - 8, // [8:8] is the sub-list for extension type_name - 8, // [8:8] is the sub-list for extension extendee - 0, // [0:8] is the sub-list for field type_name + 21, // 0: identity.v1.UpdateUserRequest.fullname:type_name -> google.protobuf.StringValue + 22, // 1: identity.v1.UpdateUserRequest.sudo:type_name -> google.protobuf.BoolValue + 22, // 2: identity.v1.UpdateUserRequest.locked:type_name -> google.protobuf.BoolValue + 23, // 3: identity.v1.ListUserCredentialsResponse.credentials:type_name -> common.v1.UserCredential + 23, // 4: identity.v1.AddUserCredentialResponse.credential:type_name -> common.v1.UserCredential + 23, // 5: identity.v1.UpdateUserCredentialResponse.credential:type_name -> common.v1.UserCredential + 24, // 6: identity.v1.GetAvailableIdentityProvidersResponse.providers:type_name -> identity.v1.IdentityProviderInfo + 25, // 7: identity.v1.CreateAccessTokenRequest.expires_at:type_name -> google.protobuf.Timestamp + 26, // 8: identity.v1.ListAccessTokensResponse.tokens:type_name -> identity.v1.AccessTokenInfo + 27, // 9: identity.v1.ResolveAccessTokenRequest.expiry:type_name -> google.protobuf.Duration + 28, // 10: identity.v1.ResolveAccessTokenResponse.user:type_name -> common.v1.User + 29, // 11: identity.v1.IdentityService.FindUser:input_type -> identity.v1.FindUserRequest + 30, // 12: identity.v1.IdentityService.GetUsers:input_type -> identity.v1.GetUsersRequest + 1, // 13: identity.v1.IdentityService.IssueUserToken:input_type -> identity.v1.IssueUserTokenRequest + 31, // 14: identity.v1.IdentityService.GetUserOnboardCapability:input_type -> identity.v1.Username + 32, // 15: identity.v1.IdentityService.OnboardUserDeviceFlow:input_type -> identity.v1.OnboardUserDeviceFlowRequest + 33, // 16: identity.v1.IdentityService.OnboardUserWebFlow:input_type -> identity.v1.OnboardUserWebFlowRequest + 34, // 17: identity.v1.IdentityService.CompleteUserWebFlow:input_type -> identity.v1.CompleteUserWebFlowRequest + 35, // 18: identity.v1.IdentityService.AuthUserPublicKey:input_type -> identity.v1.AuthUserPublicKeyRequest + 3, // 19: identity.v1.IdentityService.CompleteUserDeviceFlow:input_type -> identity.v1.CompleteUserDeviceFlowRequest + 36, // 20: identity.v1.IdentityService.GetBlueprintByUserStr:input_type -> identity.v1.UserStr + 37, // 21: identity.v1.IdentityService.ResolvePullRequestToRef:input_type -> identity.v1.RepoPullRequestRequest + 31, // 22: identity.v1.IdentityService.ListUserCredentials:input_type -> identity.v1.Username + 7, // 23: identity.v1.IdentityService.GetUserCredential:input_type -> identity.v1.GetUserCredentialRequest + 23, // 24: identity.v1.IdentityService.AddUserCredential:input_type -> common.v1.UserCredential + 0, // 25: identity.v1.IdentityService.UpdateUser:input_type -> identity.v1.UpdateUserRequest + 38, // 26: identity.v1.IdentityService.AddUserRoles:input_type -> identity.v1.UserRolesRequest + 38, // 27: identity.v1.IdentityService.RemoveUserRoles:input_type -> identity.v1.UserRolesRequest + 39, // 28: identity.v1.IdentityService.AddUserBlueprints:input_type -> identity.v1.UserBlueprintsRequest + 39, // 29: identity.v1.IdentityService.RemoveUserBlueprints:input_type -> identity.v1.UserBlueprintsRequest + 40, // 30: identity.v1.IdentityService.AddUserAuthKeys:input_type -> identity.v1.UserAuthKeysRequest + 40, // 31: identity.v1.IdentityService.RemoveUserAuthKeys:input_type -> identity.v1.UserAuthKeysRequest + 23, // 32: identity.v1.IdentityService.UpdateUserCredential:input_type -> common.v1.UserCredential + 10, // 33: identity.v1.IdentityService.DeleteUserCredential:input_type -> identity.v1.DeleteUserCredentialRequest + 12, // 34: identity.v1.IdentityService.GetAvailableIdentityProviders:input_type -> identity.v1.GetAvailableIdentityProvidersRequest + 14, // 35: identity.v1.IdentityService.CreateAccessToken:input_type -> identity.v1.CreateAccessTokenRequest + 31, // 36: identity.v1.IdentityService.ListAccessTokens:input_type -> identity.v1.Username + 17, // 37: identity.v1.IdentityService.RevokeAccessToken:input_type -> identity.v1.RevokeAccessTokenRequest + 19, // 38: identity.v1.IdentityService.ResolveAccessToken:input_type -> identity.v1.ResolveAccessTokenRequest + 28, // 39: identity.v1.IdentityService.FindUser:output_type -> common.v1.User + 41, // 40: identity.v1.IdentityService.GetUsers:output_type -> identity.v1.UserList + 2, // 41: identity.v1.IdentityService.IssueUserToken:output_type -> identity.v1.IssueUserTokenResponse + 42, // 42: identity.v1.IdentityService.GetUserOnboardCapability:output_type -> common.v1.UserOnboardCapability + 43, // 43: identity.v1.IdentityService.OnboardUserDeviceFlow:output_type -> common.v1.OnboardUserDeviceFlow + 44, // 44: identity.v1.IdentityService.OnboardUserWebFlow:output_type -> common.v1.OnboardUserWebFlow + 5, // 45: identity.v1.IdentityService.CompleteUserWebFlow:output_type -> identity.v1.CompleteUserWebFlowResponse + 45, // 46: identity.v1.IdentityService.AuthUserPublicKey:output_type -> identity.v1.AuthUserResponse + 4, // 47: identity.v1.IdentityService.CompleteUserDeviceFlow:output_type -> identity.v1.CompleteUserDeviceFlowResponse + 46, // 48: identity.v1.IdentityService.GetBlueprintByUserStr:output_type -> identity.v1.Blueprint + 47, // 49: identity.v1.IdentityService.ResolvePullRequestToRef:output_type -> identity.v1.RepoRefResponse + 6, // 50: identity.v1.IdentityService.ListUserCredentials:output_type -> identity.v1.ListUserCredentialsResponse + 23, // 51: identity.v1.IdentityService.GetUserCredential:output_type -> common.v1.UserCredential + 8, // 52: identity.v1.IdentityService.AddUserCredential:output_type -> identity.v1.AddUserCredentialResponse + 28, // 53: identity.v1.IdentityService.UpdateUser:output_type -> common.v1.User + 28, // 54: identity.v1.IdentityService.AddUserRoles:output_type -> common.v1.User + 28, // 55: identity.v1.IdentityService.RemoveUserRoles:output_type -> common.v1.User + 28, // 56: identity.v1.IdentityService.AddUserBlueprints:output_type -> common.v1.User + 28, // 57: identity.v1.IdentityService.RemoveUserBlueprints:output_type -> common.v1.User + 28, // 58: identity.v1.IdentityService.AddUserAuthKeys:output_type -> common.v1.User + 28, // 59: identity.v1.IdentityService.RemoveUserAuthKeys:output_type -> common.v1.User + 9, // 60: identity.v1.IdentityService.UpdateUserCredential:output_type -> identity.v1.UpdateUserCredentialResponse + 11, // 61: identity.v1.IdentityService.DeleteUserCredential:output_type -> identity.v1.DeleteUserCredentialResponse + 13, // 62: identity.v1.IdentityService.GetAvailableIdentityProviders:output_type -> identity.v1.GetAvailableIdentityProvidersResponse + 15, // 63: identity.v1.IdentityService.CreateAccessToken:output_type -> identity.v1.CreateAccessTokenResponse + 16, // 64: identity.v1.IdentityService.ListAccessTokens:output_type -> identity.v1.ListAccessTokensResponse + 18, // 65: identity.v1.IdentityService.RevokeAccessToken:output_type -> identity.v1.RevokeAccessTokenResponse + 20, // 66: identity.v1.IdentityService.ResolveAccessToken:output_type -> identity.v1.ResolveAccessTokenResponse + 39, // [39:67] is the sub-list for method output_type + 11, // [11:39] is the sub-list for method input_type + 11, // [11:11] is the sub-list for extension type_name + 11, // [11:11] is the sub-list for extension extendee + 0, // [0:11] is the sub-list for field type_name } func init() { file_identity_v1_identity_proto_init() } @@ -1254,7 +1391,7 @@ func file_identity_v1_identity_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_identity_v1_identity_proto_rawDesc), len(file_identity_v1_identity_proto_rawDesc)), NumEnums: 0, - NumMessages: 20, + NumMessages: 21, NumExtensions: 0, NumServices: 1, }, diff --git a/pkg/api/gen/go/identity/v1/identity_grpc.pb.go b/pkg/api/gen/go/identity/v1/identity_grpc.pb.go index ac8e9ce..302281e 100644 --- a/pkg/api/gen/go/identity/v1/identity_grpc.pb.go +++ b/pkg/api/gen/go/identity/v1/identity_grpc.pb.go @@ -4,7 +4,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.6.1 -// - protoc (unknown) +// - protoc v3.12.4 // source: identity/v1/identity.proto package identityv1 @@ -37,6 +37,13 @@ const ( IdentityService_ListUserCredentials_FullMethodName = "/identity.v1.IdentityService/ListUserCredentials" IdentityService_GetUserCredential_FullMethodName = "/identity.v1.IdentityService/GetUserCredential" IdentityService_AddUserCredential_FullMethodName = "/identity.v1.IdentityService/AddUserCredential" + IdentityService_UpdateUser_FullMethodName = "/identity.v1.IdentityService/UpdateUser" + IdentityService_AddUserRoles_FullMethodName = "/identity.v1.IdentityService/AddUserRoles" + IdentityService_RemoveUserRoles_FullMethodName = "/identity.v1.IdentityService/RemoveUserRoles" + IdentityService_AddUserBlueprints_FullMethodName = "/identity.v1.IdentityService/AddUserBlueprints" + IdentityService_RemoveUserBlueprints_FullMethodName = "/identity.v1.IdentityService/RemoveUserBlueprints" + IdentityService_AddUserAuthKeys_FullMethodName = "/identity.v1.IdentityService/AddUserAuthKeys" + IdentityService_RemoveUserAuthKeys_FullMethodName = "/identity.v1.IdentityService/RemoveUserAuthKeys" IdentityService_UpdateUserCredential_FullMethodName = "/identity.v1.IdentityService/UpdateUserCredential" IdentityService_DeleteUserCredential_FullMethodName = "/identity.v1.IdentityService/DeleteUserCredential" IdentityService_GetAvailableIdentityProviders_FullMethodName = "/identity.v1.IdentityService/GetAvailableIdentityProviders" @@ -84,6 +91,21 @@ type IdentityServiceClient interface { GetUserCredential(ctx context.Context, in *GetUserCredentialRequest, opts ...grpc.CallOption) (*v1.UserCredential, error) // AddUserCredential adds a new credential for a user. AddUserCredential(ctx context.Context, in *v1.UserCredential, opts ...grpc.CallOption) (*AddUserCredentialResponse, error) + // UpdateUser applies a partial update to a user record. Only fields wrapped + // in a value type (or repeated fields that are non-empty) are applied. + UpdateUser(ctx context.Context, in *UpdateUserRequest, opts ...grpc.CallOption) (*v1.User, error) + // AddUserRoles adds one or more roles to a user without affecting existing roles. + AddUserRoles(ctx context.Context, in *UserRolesRequest, opts ...grpc.CallOption) (*v1.User, error) + // RemoveUserRoles removes one or more roles from a user. + RemoveUserRoles(ctx context.Context, in *UserRolesRequest, opts ...grpc.CallOption) (*v1.User, error) + // AddUserBlueprints grants a user access to one or more blueprints. + AddUserBlueprints(ctx context.Context, in *UserBlueprintsRequest, opts ...grpc.CallOption) (*v1.User, error) + // RemoveUserBlueprints revokes access to one or more blueprints from a user. + RemoveUserBlueprints(ctx context.Context, in *UserBlueprintsRequest, opts ...grpc.CallOption) (*v1.User, error) + // AddUserAuthKeys registers one or more SSH public keys for a user. + AddUserAuthKeys(ctx context.Context, in *UserAuthKeysRequest, opts ...grpc.CallOption) (*v1.User, error) + // RemoveUserAuthKeys removes one or more SSH public keys from a user. + RemoveUserAuthKeys(ctx context.Context, in *UserAuthKeysRequest, opts ...grpc.CallOption) (*v1.User, error) // UpdateUserCredential updates an existing credential for a user. UpdateUserCredential(ctx context.Context, in *v1.UserCredential, opts ...grpc.CallOption) (*UpdateUserCredentialResponse, error) // DeleteUserCredential deletes an external credential by its ID. @@ -251,6 +273,76 @@ func (c *identityServiceClient) AddUserCredential(ctx context.Context, in *v1.Us return out, nil } +func (c *identityServiceClient) UpdateUser(ctx context.Context, in *UpdateUserRequest, opts ...grpc.CallOption) (*v1.User, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(v1.User) + err := c.cc.Invoke(ctx, IdentityService_UpdateUser_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *identityServiceClient) AddUserRoles(ctx context.Context, in *UserRolesRequest, opts ...grpc.CallOption) (*v1.User, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(v1.User) + err := c.cc.Invoke(ctx, IdentityService_AddUserRoles_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *identityServiceClient) RemoveUserRoles(ctx context.Context, in *UserRolesRequest, opts ...grpc.CallOption) (*v1.User, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(v1.User) + err := c.cc.Invoke(ctx, IdentityService_RemoveUserRoles_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *identityServiceClient) AddUserBlueprints(ctx context.Context, in *UserBlueprintsRequest, opts ...grpc.CallOption) (*v1.User, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(v1.User) + err := c.cc.Invoke(ctx, IdentityService_AddUserBlueprints_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *identityServiceClient) RemoveUserBlueprints(ctx context.Context, in *UserBlueprintsRequest, opts ...grpc.CallOption) (*v1.User, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(v1.User) + err := c.cc.Invoke(ctx, IdentityService_RemoveUserBlueprints_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *identityServiceClient) AddUserAuthKeys(ctx context.Context, in *UserAuthKeysRequest, opts ...grpc.CallOption) (*v1.User, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(v1.User) + err := c.cc.Invoke(ctx, IdentityService_AddUserAuthKeys_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *identityServiceClient) RemoveUserAuthKeys(ctx context.Context, in *UserAuthKeysRequest, opts ...grpc.CallOption) (*v1.User, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(v1.User) + err := c.cc.Invoke(ctx, IdentityService_RemoveUserAuthKeys_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *identityServiceClient) UpdateUserCredential(ctx context.Context, in *v1.UserCredential, opts ...grpc.CallOption) (*UpdateUserCredentialResponse, error) { cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(UpdateUserCredentialResponse) @@ -359,6 +451,21 @@ type IdentityServiceServer interface { GetUserCredential(context.Context, *GetUserCredentialRequest) (*v1.UserCredential, error) // AddUserCredential adds a new credential for a user. AddUserCredential(context.Context, *v1.UserCredential) (*AddUserCredentialResponse, error) + // UpdateUser applies a partial update to a user record. Only fields wrapped + // in a value type (or repeated fields that are non-empty) are applied. + UpdateUser(context.Context, *UpdateUserRequest) (*v1.User, error) + // AddUserRoles adds one or more roles to a user without affecting existing roles. + AddUserRoles(context.Context, *UserRolesRequest) (*v1.User, error) + // RemoveUserRoles removes one or more roles from a user. + RemoveUserRoles(context.Context, *UserRolesRequest) (*v1.User, error) + // AddUserBlueprints grants a user access to one or more blueprints. + AddUserBlueprints(context.Context, *UserBlueprintsRequest) (*v1.User, error) + // RemoveUserBlueprints revokes access to one or more blueprints from a user. + RemoveUserBlueprints(context.Context, *UserBlueprintsRequest) (*v1.User, error) + // AddUserAuthKeys registers one or more SSH public keys for a user. + AddUserAuthKeys(context.Context, *UserAuthKeysRequest) (*v1.User, error) + // RemoveUserAuthKeys removes one or more SSH public keys from a user. + RemoveUserAuthKeys(context.Context, *UserAuthKeysRequest) (*v1.User, error) // UpdateUserCredential updates an existing credential for a user. UpdateUserCredential(context.Context, *v1.UserCredential) (*UpdateUserCredentialResponse, error) // DeleteUserCredential deletes an external credential by its ID. @@ -428,6 +535,27 @@ func (UnimplementedIdentityServiceServer) GetUserCredential(context.Context, *Ge func (UnimplementedIdentityServiceServer) AddUserCredential(context.Context, *v1.UserCredential) (*AddUserCredentialResponse, error) { return nil, status.Error(codes.Unimplemented, "method AddUserCredential not implemented") } +func (UnimplementedIdentityServiceServer) UpdateUser(context.Context, *UpdateUserRequest) (*v1.User, error) { + return nil, status.Error(codes.Unimplemented, "method UpdateUser not implemented") +} +func (UnimplementedIdentityServiceServer) AddUserRoles(context.Context, *UserRolesRequest) (*v1.User, error) { + return nil, status.Error(codes.Unimplemented, "method AddUserRoles not implemented") +} +func (UnimplementedIdentityServiceServer) RemoveUserRoles(context.Context, *UserRolesRequest) (*v1.User, error) { + return nil, status.Error(codes.Unimplemented, "method RemoveUserRoles not implemented") +} +func (UnimplementedIdentityServiceServer) AddUserBlueprints(context.Context, *UserBlueprintsRequest) (*v1.User, error) { + return nil, status.Error(codes.Unimplemented, "method AddUserBlueprints not implemented") +} +func (UnimplementedIdentityServiceServer) RemoveUserBlueprints(context.Context, *UserBlueprintsRequest) (*v1.User, error) { + return nil, status.Error(codes.Unimplemented, "method RemoveUserBlueprints not implemented") +} +func (UnimplementedIdentityServiceServer) AddUserAuthKeys(context.Context, *UserAuthKeysRequest) (*v1.User, error) { + return nil, status.Error(codes.Unimplemented, "method AddUserAuthKeys not implemented") +} +func (UnimplementedIdentityServiceServer) RemoveUserAuthKeys(context.Context, *UserAuthKeysRequest) (*v1.User, error) { + return nil, status.Error(codes.Unimplemented, "method RemoveUserAuthKeys not implemented") +} func (UnimplementedIdentityServiceServer) UpdateUserCredential(context.Context, *v1.UserCredential) (*UpdateUserCredentialResponse, error) { return nil, status.Error(codes.Unimplemented, "method UpdateUserCredential not implemented") } @@ -722,6 +850,132 @@ func _IdentityService_AddUserCredential_Handler(srv interface{}, ctx context.Con return interceptor(ctx, in, info, handler) } +func _IdentityService_UpdateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UpdateUserRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(IdentityServiceServer).UpdateUser(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: IdentityService_UpdateUser_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(IdentityServiceServer).UpdateUser(ctx, req.(*UpdateUserRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _IdentityService_AddUserRoles_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UserRolesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(IdentityServiceServer).AddUserRoles(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: IdentityService_AddUserRoles_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(IdentityServiceServer).AddUserRoles(ctx, req.(*UserRolesRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _IdentityService_RemoveUserRoles_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UserRolesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(IdentityServiceServer).RemoveUserRoles(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: IdentityService_RemoveUserRoles_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(IdentityServiceServer).RemoveUserRoles(ctx, req.(*UserRolesRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _IdentityService_AddUserBlueprints_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UserBlueprintsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(IdentityServiceServer).AddUserBlueprints(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: IdentityService_AddUserBlueprints_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(IdentityServiceServer).AddUserBlueprints(ctx, req.(*UserBlueprintsRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _IdentityService_RemoveUserBlueprints_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UserBlueprintsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(IdentityServiceServer).RemoveUserBlueprints(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: IdentityService_RemoveUserBlueprints_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(IdentityServiceServer).RemoveUserBlueprints(ctx, req.(*UserBlueprintsRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _IdentityService_AddUserAuthKeys_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UserAuthKeysRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(IdentityServiceServer).AddUserAuthKeys(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: IdentityService_AddUserAuthKeys_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(IdentityServiceServer).AddUserAuthKeys(ctx, req.(*UserAuthKeysRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _IdentityService_RemoveUserAuthKeys_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UserAuthKeysRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(IdentityServiceServer).RemoveUserAuthKeys(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: IdentityService_RemoveUserAuthKeys_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(IdentityServiceServer).RemoveUserAuthKeys(ctx, req.(*UserAuthKeysRequest)) + } + return interceptor(ctx, in, info, handler) +} + func _IdentityService_UpdateUserCredential_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(v1.UserCredential) if err := dec(in); err != nil { @@ -911,6 +1165,34 @@ var IdentityService_ServiceDesc = grpc.ServiceDesc{ MethodName: "AddUserCredential", Handler: _IdentityService_AddUserCredential_Handler, }, + { + MethodName: "UpdateUser", + Handler: _IdentityService_UpdateUser_Handler, + }, + { + MethodName: "AddUserRoles", + Handler: _IdentityService_AddUserRoles_Handler, + }, + { + MethodName: "RemoveUserRoles", + Handler: _IdentityService_RemoveUserRoles_Handler, + }, + { + MethodName: "AddUserBlueprints", + Handler: _IdentityService_AddUserBlueprints_Handler, + }, + { + MethodName: "RemoveUserBlueprints", + Handler: _IdentityService_RemoveUserBlueprints_Handler, + }, + { + MethodName: "AddUserAuthKeys", + Handler: _IdentityService_AddUserAuthKeys_Handler, + }, + { + MethodName: "RemoveUserAuthKeys", + Handler: _IdentityService_RemoveUserAuthKeys_Handler, + }, { MethodName: "UpdateUserCredential", Handler: _IdentityService_UpdateUserCredential_Handler, diff --git a/pkg/api/gen/go/identity/v1/idp.pb.go b/pkg/api/gen/go/identity/v1/idp.pb.go index 51e2739..682b13f 100644 --- a/pkg/api/gen/go/identity/v1/idp.pb.go +++ b/pkg/api/gen/go/identity/v1/idp.pb.go @@ -4,7 +4,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc (unknown) +// protoc v3.12.4 // source: identity/v1/idp.proto package identityv1 diff --git a/pkg/api/gen/go/identity/v1/idp_grpc.pb.go b/pkg/api/gen/go/identity/v1/idp_grpc.pb.go index 3baaeb7..ddc99cc 100644 --- a/pkg/api/gen/go/identity/v1/idp_grpc.pb.go +++ b/pkg/api/gen/go/identity/v1/idp_grpc.pb.go @@ -4,7 +4,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.6.1 -// - protoc (unknown) +// - protoc v3.12.4 // source: identity/v1/idp.proto package identityv1 diff --git a/pkg/api/gen/go/identity/v1/types.pb.go b/pkg/api/gen/go/identity/v1/types.pb.go index 0f0ab5b..f3a7605 100644 --- a/pkg/api/gen/go/identity/v1/types.pb.go +++ b/pkg/api/gen/go/identity/v1/types.pb.go @@ -4,16 +4,16 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc (unknown) +// protoc v3.12.4 // source: identity/v1/types.proto package identityv1 import ( + timestamp "github.com/golang/protobuf/ptypes/timestamp" v1 "github.com/k8shell-io/common/pkg/api/gen/go/common/v1" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" - timestamppb "google.golang.org/protobuf/types/known/timestamppb" reflect "reflect" sync "sync" unsafe "unsafe" @@ -807,6 +807,165 @@ func (x *IdentityProviderInfo) GetCapabilities() []string { return nil } +// UserRolesRequest carries a username and one or more roles to add or remove. +type UserRolesRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` + Roles []string `protobuf:"bytes,2,rep,name=roles,proto3" json:"roles,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *UserRolesRequest) Reset() { + *x = UserRolesRequest{} + mi := &file_identity_v1_types_proto_msgTypes[15] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *UserRolesRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserRolesRequest) ProtoMessage() {} + +func (x *UserRolesRequest) ProtoReflect() protoreflect.Message { + mi := &file_identity_v1_types_proto_msgTypes[15] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserRolesRequest.ProtoReflect.Descriptor instead. +func (*UserRolesRequest) Descriptor() ([]byte, []int) { + return file_identity_v1_types_proto_rawDescGZIP(), []int{15} +} + +func (x *UserRolesRequest) GetUsername() string { + if x != nil { + return x.Username + } + return "" +} + +func (x *UserRolesRequest) GetRoles() []string { + if x != nil { + return x.Roles + } + return nil +} + +// UserBlueprintsRequest carries a username and one or more blueprints to grant or revoke. +type UserBlueprintsRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` + Blueprints []string `protobuf:"bytes,2,rep,name=blueprints,proto3" json:"blueprints,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *UserBlueprintsRequest) Reset() { + *x = UserBlueprintsRequest{} + mi := &file_identity_v1_types_proto_msgTypes[16] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *UserBlueprintsRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserBlueprintsRequest) ProtoMessage() {} + +func (x *UserBlueprintsRequest) ProtoReflect() protoreflect.Message { + mi := &file_identity_v1_types_proto_msgTypes[16] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserBlueprintsRequest.ProtoReflect.Descriptor instead. +func (*UserBlueprintsRequest) Descriptor() ([]byte, []int) { + return file_identity_v1_types_proto_rawDescGZIP(), []int{16} +} + +func (x *UserBlueprintsRequest) GetUsername() string { + if x != nil { + return x.Username + } + return "" +} + +func (x *UserBlueprintsRequest) GetBlueprints() []string { + if x != nil { + return x.Blueprints + } + return nil +} + +// UserAuthKeysRequest carries a username and one or more SSH public keys to register or remove. +type UserAuthKeysRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` + AuthKeys []string `protobuf:"bytes,2,rep,name=auth_keys,json=authKeys,proto3" json:"auth_keys,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *UserAuthKeysRequest) Reset() { + *x = UserAuthKeysRequest{} + mi := &file_identity_v1_types_proto_msgTypes[17] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *UserAuthKeysRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserAuthKeysRequest) ProtoMessage() {} + +func (x *UserAuthKeysRequest) ProtoReflect() protoreflect.Message { + mi := &file_identity_v1_types_proto_msgTypes[17] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserAuthKeysRequest.ProtoReflect.Descriptor instead. +func (*UserAuthKeysRequest) Descriptor() ([]byte, []int) { + return file_identity_v1_types_proto_rawDescGZIP(), []int{17} +} + +func (x *UserAuthKeysRequest) GetUsername() string { + if x != nil { + return x.Username + } + return "" +} + +func (x *UserAuthKeysRequest) GetAuthKeys() []string { + if x != nil { + return x.AuthKeys + } + return nil +} + // AccessTokenInfo carries access token metadata returned in list responses. // The raw token and its hash are never included. type AccessTokenInfo struct { @@ -815,9 +974,9 @@ type AccessTokenInfo struct { Username string `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"` Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` Scopes []string `protobuf:"bytes,4,rep,name=scopes,proto3" json:"scopes,omitempty"` - ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` - CreatedAt *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"` - LastUsedAt *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=last_used_at,json=lastUsedAt,proto3" json:"last_used_at,omitempty"` + ExpiresAt *timestamp.Timestamp `protobuf:"bytes,5,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` + CreatedAt *timestamp.Timestamp `protobuf:"bytes,6,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"` + LastUsedAt *timestamp.Timestamp `protobuf:"bytes,7,opt,name=last_used_at,json=lastUsedAt,proto3" json:"last_used_at,omitempty"` IsActive bool `protobuf:"varint,8,opt,name=is_active,json=isActive,proto3" json:"is_active,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache @@ -825,7 +984,7 @@ type AccessTokenInfo struct { func (x *AccessTokenInfo) Reset() { *x = AccessTokenInfo{} - mi := &file_identity_v1_types_proto_msgTypes[15] + mi := &file_identity_v1_types_proto_msgTypes[18] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -837,7 +996,7 @@ func (x *AccessTokenInfo) String() string { func (*AccessTokenInfo) ProtoMessage() {} func (x *AccessTokenInfo) ProtoReflect() protoreflect.Message { - mi := &file_identity_v1_types_proto_msgTypes[15] + mi := &file_identity_v1_types_proto_msgTypes[18] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -850,7 +1009,7 @@ func (x *AccessTokenInfo) ProtoReflect() protoreflect.Message { // Deprecated: Use AccessTokenInfo.ProtoReflect.Descriptor instead. func (*AccessTokenInfo) Descriptor() ([]byte, []int) { - return file_identity_v1_types_proto_rawDescGZIP(), []int{15} + return file_identity_v1_types_proto_rawDescGZIP(), []int{18} } func (x *AccessTokenInfo) GetId() int64 { @@ -881,21 +1040,21 @@ func (x *AccessTokenInfo) GetScopes() []string { return nil } -func (x *AccessTokenInfo) GetExpiresAt() *timestamppb.Timestamp { +func (x *AccessTokenInfo) GetExpiresAt() *timestamp.Timestamp { if x != nil { return x.ExpiresAt } return nil } -func (x *AccessTokenInfo) GetCreatedAt() *timestamppb.Timestamp { +func (x *AccessTokenInfo) GetCreatedAt() *timestamp.Timestamp { if x != nil { return x.CreatedAt } return nil } -func (x *AccessTokenInfo) GetLastUsedAt() *timestamppb.Timestamp { +func (x *AccessTokenInfo) GetLastUsedAt() *timestamp.Timestamp { if x != nil { return x.LastUsedAt } @@ -959,7 +1118,18 @@ const file_identity_v1_types_proto_rawDesc = "" + "\brepo_ref\x18\x01 \x01(\tR\arepoRef\"N\n" + "\x14IdentityProviderInfo\x12\x12\n" + "\x04name\x18\x01 \x01(\tR\x04name\x12\"\n" + - "\fcapabilities\x18\x02 \x03(\tR\fcapabilities\"\xba\x02\n" + + "\fcapabilities\x18\x02 \x03(\tR\fcapabilities\"D\n" + + "\x10UserRolesRequest\x12\x1a\n" + + "\busername\x18\x01 \x01(\tR\busername\x12\x14\n" + + "\x05roles\x18\x02 \x03(\tR\x05roles\"S\n" + + "\x15UserBlueprintsRequest\x12\x1a\n" + + "\busername\x18\x01 \x01(\tR\busername\x12\x1e\n" + + "\n" + + "blueprints\x18\x02 \x03(\tR\n" + + "blueprints\"N\n" + + "\x13UserAuthKeysRequest\x12\x1a\n" + + "\busername\x18\x01 \x01(\tR\busername\x12\x1b\n" + + "\tauth_keys\x18\x02 \x03(\tR\bauthKeys\"\xba\x02\n" + "\x0fAccessTokenInfo\x12\x0e\n" + "\x02id\x18\x01 \x01(\x03R\x02id\x12\x1a\n" + "\busername\x18\x02 \x01(\tR\busername\x12\x12\n" + @@ -985,7 +1155,7 @@ func file_identity_v1_types_proto_rawDescGZIP() []byte { return file_identity_v1_types_proto_rawDescData } -var file_identity_v1_types_proto_msgTypes = make([]protoimpl.MessageInfo, 16) +var file_identity_v1_types_proto_msgTypes = make([]protoimpl.MessageInfo, 19) var file_identity_v1_types_proto_goTypes = []any{ (*Username)(nil), // 0: identity.v1.Username (*UserStr)(nil), // 1: identity.v1.UserStr @@ -1002,17 +1172,20 @@ var file_identity_v1_types_proto_goTypes = []any{ (*RepoPullRequestRequest)(nil), // 12: identity.v1.RepoPullRequestRequest (*RepoRefResponse)(nil), // 13: identity.v1.RepoRefResponse (*IdentityProviderInfo)(nil), // 14: identity.v1.IdentityProviderInfo - (*AccessTokenInfo)(nil), // 15: identity.v1.AccessTokenInfo - (*v1.User)(nil), // 16: common.v1.User - (*timestamppb.Timestamp)(nil), // 17: google.protobuf.Timestamp + (*UserRolesRequest)(nil), // 15: identity.v1.UserRolesRequest + (*UserBlueprintsRequest)(nil), // 16: identity.v1.UserBlueprintsRequest + (*UserAuthKeysRequest)(nil), // 17: identity.v1.UserAuthKeysRequest + (*AccessTokenInfo)(nil), // 18: identity.v1.AccessTokenInfo + (*v1.User)(nil), // 19: common.v1.User + (*timestamp.Timestamp)(nil), // 20: google.protobuf.Timestamp } var file_identity_v1_types_proto_depIdxs = []int32{ - 16, // 0: identity.v1.UserList.users:type_name -> common.v1.User - 16, // 1: identity.v1.GetUsersResponse.users:type_name -> common.v1.User - 16, // 2: identity.v1.AuthUserResponse.user:type_name -> common.v1.User - 17, // 3: identity.v1.AccessTokenInfo.expires_at:type_name -> google.protobuf.Timestamp - 17, // 4: identity.v1.AccessTokenInfo.created_at:type_name -> google.protobuf.Timestamp - 17, // 5: identity.v1.AccessTokenInfo.last_used_at:type_name -> google.protobuf.Timestamp + 19, // 0: identity.v1.UserList.users:type_name -> common.v1.User + 19, // 1: identity.v1.GetUsersResponse.users:type_name -> common.v1.User + 19, // 2: identity.v1.AuthUserResponse.user:type_name -> common.v1.User + 20, // 3: identity.v1.AccessTokenInfo.expires_at:type_name -> google.protobuf.Timestamp + 20, // 4: identity.v1.AccessTokenInfo.created_at:type_name -> google.protobuf.Timestamp + 20, // 5: identity.v1.AccessTokenInfo.last_used_at:type_name -> google.protobuf.Timestamp 6, // [6:6] is the sub-list for method output_type 6, // [6:6] is the sub-list for method input_type 6, // [6:6] is the sub-list for extension type_name @@ -1031,7 +1204,7 @@ func file_identity_v1_types_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_identity_v1_types_proto_rawDesc), len(file_identity_v1_types_proto_rawDesc)), NumEnums: 0, - NumMessages: 16, + NumMessages: 19, NumExtensions: 0, NumServices: 0, }, diff --git a/pkg/api/gen/go/k8shelld/v1/k8shelld.pb.go b/pkg/api/gen/go/k8shelld/v1/k8shelld.pb.go index 9c7f027..871e600 100644 --- a/pkg/api/gen/go/k8shelld/v1/k8shelld.pb.go +++ b/pkg/api/gen/go/k8shelld/v1/k8shelld.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc (unknown) +// protoc v3.12.4 // source: k8shelld/v1/k8shelld.proto package k8shelldv1 diff --git a/pkg/api/gen/go/k8shelld/v1/k8shelld_grpc.pb.go b/pkg/api/gen/go/k8shelld/v1/k8shelld_grpc.pb.go index 2ad1112..a7e60b1 100644 --- a/pkg/api/gen/go/k8shelld/v1/k8shelld_grpc.pb.go +++ b/pkg/api/gen/go/k8shelld/v1/k8shelld_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.6.1 -// - protoc (unknown) +// - protoc v3.12.4 // source: k8shelld/v1/k8shelld.proto package k8shelldv1 diff --git a/pkg/api/gen/go/provisioner/v1/provisioner.pb.go b/pkg/api/gen/go/provisioner/v1/provisioner.pb.go index 4f2d5d8..cdd6819 100644 --- a/pkg/api/gen/go/provisioner/v1/provisioner.pb.go +++ b/pkg/api/gen/go/provisioner/v1/provisioner.pb.go @@ -4,7 +4,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc (unknown) +// protoc v3.12.4 // source: provisioner/v1/provisioner.proto // Package provisioner.v1 defines the gRPC API for the k8shell provisioner diff --git a/pkg/api/gen/go/provisioner/v1/provisioner_grpc.pb.go b/pkg/api/gen/go/provisioner/v1/provisioner_grpc.pb.go index baf9cdf..c3668a5 100644 --- a/pkg/api/gen/go/provisioner/v1/provisioner_grpc.pb.go +++ b/pkg/api/gen/go/provisioner/v1/provisioner_grpc.pb.go @@ -4,7 +4,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.6.1 -// - protoc (unknown) +// - protoc v3.12.4 // source: provisioner/v1/provisioner.proto // Package provisioner.v1 defines the gRPC API for the k8shell provisioner diff --git a/pkg/api/gen/go/session/v1/session.pb.go b/pkg/api/gen/go/session/v1/session.pb.go index 5226b88..50414e6 100644 --- a/pkg/api/gen/go/session/v1/session.pb.go +++ b/pkg/api/gen/go/session/v1/session.pb.go @@ -4,15 +4,15 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc (unknown) +// protoc v3.12.4 // source: session/v1/session.proto package sessionv1 import ( + empty "github.com/golang/protobuf/ptypes/empty" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" - emptypb "google.golang.org/protobuf/types/known/emptypb" reflect "reflect" sync "sync" unsafe "unsafe" @@ -1590,7 +1590,7 @@ var file_session_v1_session_proto_goTypes = []any{ (*TcpipRecordingFrame)(nil), // 15: session.v1.TcpipRecordingFrame (*SftpRecordingHeader)(nil), // 16: session.v1.SftpRecordingHeader (*SftpRecordingFrame)(nil), // 17: session.v1.SftpRecordingFrame - (*emptypb.Empty)(nil), // 18: google.protobuf.Empty + (*empty.Empty)(nil), // 18: google.protobuf.Empty } var file_session_v1_session_proto_depIdxs = []int32{ 2, // 0: session.v1.Sessions.sessions:type_name -> session.v1.Session diff --git a/pkg/api/gen/go/session/v1/session_grpc.pb.go b/pkg/api/gen/go/session/v1/session_grpc.pb.go index a6d81fe..0d72690 100644 --- a/pkg/api/gen/go/session/v1/session_grpc.pb.go +++ b/pkg/api/gen/go/session/v1/session_grpc.pb.go @@ -4,17 +4,17 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.6.1 -// - protoc (unknown) +// - protoc v3.12.4 // source: session/v1/session.proto package sessionv1 import ( context "context" + empty "github.com/golang/protobuf/ptypes/empty" grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" - emptypb "google.golang.org/protobuf/types/known/emptypb" ) // This is a compile-time assertion to ensure that this generated file @@ -42,7 +42,7 @@ type SessionServiceClient interface { UpsertSession(ctx context.Context, in *UpsertSessionRequest, opts ...grpc.CallOption) (*UpsertSessionResponse, error) // EndSession marks a session as ended, recording its final byte counts // and end time. - EndSession(ctx context.Context, in *EndSessionRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + EndSession(ctx context.Context, in *EndSessionRequest, opts ...grpc.CallOption) (*empty.Empty, error) } type sessionServiceClient struct { @@ -73,9 +73,9 @@ func (c *sessionServiceClient) UpsertSession(ctx context.Context, in *UpsertSess return out, nil } -func (c *sessionServiceClient) EndSession(ctx context.Context, in *EndSessionRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { +func (c *sessionServiceClient) EndSession(ctx context.Context, in *EndSessionRequest, opts ...grpc.CallOption) (*empty.Empty, error) { cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) - out := new(emptypb.Empty) + out := new(empty.Empty) err := c.cc.Invoke(ctx, SessionService_EndSession_FullMethodName, in, out, cOpts...) if err != nil { return nil, err @@ -97,7 +97,7 @@ type SessionServiceServer interface { UpsertSession(context.Context, *UpsertSessionRequest) (*UpsertSessionResponse, error) // EndSession marks a session as ended, recording its final byte counts // and end time. - EndSession(context.Context, *EndSessionRequest) (*emptypb.Empty, error) + EndSession(context.Context, *EndSessionRequest) (*empty.Empty, error) mustEmbedUnimplementedSessionServiceServer() } @@ -114,7 +114,7 @@ func (UnimplementedSessionServiceServer) GetSessions(context.Context, *GetSessio func (UnimplementedSessionServiceServer) UpsertSession(context.Context, *UpsertSessionRequest) (*UpsertSessionResponse, error) { return nil, status.Error(codes.Unimplemented, "method UpsertSession not implemented") } -func (UnimplementedSessionServiceServer) EndSession(context.Context, *EndSessionRequest) (*emptypb.Empty, error) { +func (UnimplementedSessionServiceServer) EndSession(context.Context, *EndSessionRequest) (*empty.Empty, error) { return nil, status.Error(codes.Unimplemented, "method EndSession not implemented") } func (UnimplementedSessionServiceServer) mustEmbedUnimplementedSessionServiceServer() {} @@ -235,21 +235,21 @@ type RecordingServiceClient interface { // StreamShellRecording records a PTY shell session. The first frame must // be a ShellRecordingHeader; subsequent frames carry data chunks or // terminal resize events. - StreamShellRecording(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[ShellRecordingFrame, emptypb.Empty], error) + StreamShellRecording(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[ShellRecordingFrame, empty.Empty], error) // StreamExecRecording records a non-PTY exec channel. The first frame must // be an ExecRecordingHeader; subsequent frames carry data chunks. - StreamExecRecording(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[ExecRecordingFrame, emptypb.Empty], error) + StreamExecRecording(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[ExecRecordingFrame, empty.Empty], error) // StreamTcpipRecording records a direct-tcpip port-forward channel. The // first frame must be a TcpipRecordingHeader; subsequent frames carry data chunks. - StreamTcpipRecording(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[TcpipRecordingFrame, emptypb.Empty], error) + StreamTcpipRecording(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[TcpipRecordingFrame, empty.Empty], error) // StreamSftpRecording records an SFTP subsystem channel. The first frame // must be a SftpRecordingHeader; subsequent frames carry data chunks. - StreamSftpRecording(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[SftpRecordingFrame, emptypb.Empty], error) + StreamSftpRecording(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[SftpRecordingFrame, empty.Empty], error) // EndRecordingSession notifies the recording backend that a session has ended // and all associated recording resources (open streams, buffers, file handles) // should be flushed and released. Must be called once per session_id when the // SSH session terminates, regardless of how many recording streams were opened. - EndRecordingSession(ctx context.Context, in *EndRecordingSessionRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + EndRecordingSession(ctx context.Context, in *EndRecordingSessionRequest, opts ...grpc.CallOption) (*empty.Empty, error) } type recordingServiceClient struct { @@ -260,61 +260,61 @@ func NewRecordingServiceClient(cc grpc.ClientConnInterface) RecordingServiceClie return &recordingServiceClient{cc} } -func (c *recordingServiceClient) StreamShellRecording(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[ShellRecordingFrame, emptypb.Empty], error) { +func (c *recordingServiceClient) StreamShellRecording(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[ShellRecordingFrame, empty.Empty], error) { cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) stream, err := c.cc.NewStream(ctx, &RecordingService_ServiceDesc.Streams[0], RecordingService_StreamShellRecording_FullMethodName, cOpts...) if err != nil { return nil, err } - x := &grpc.GenericClientStream[ShellRecordingFrame, emptypb.Empty]{ClientStream: stream} + x := &grpc.GenericClientStream[ShellRecordingFrame, empty.Empty]{ClientStream: stream} return x, nil } // This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. -type RecordingService_StreamShellRecordingClient = grpc.ClientStreamingClient[ShellRecordingFrame, emptypb.Empty] +type RecordingService_StreamShellRecordingClient = grpc.ClientStreamingClient[ShellRecordingFrame, empty.Empty] -func (c *recordingServiceClient) StreamExecRecording(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[ExecRecordingFrame, emptypb.Empty], error) { +func (c *recordingServiceClient) StreamExecRecording(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[ExecRecordingFrame, empty.Empty], error) { cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) stream, err := c.cc.NewStream(ctx, &RecordingService_ServiceDesc.Streams[1], RecordingService_StreamExecRecording_FullMethodName, cOpts...) if err != nil { return nil, err } - x := &grpc.GenericClientStream[ExecRecordingFrame, emptypb.Empty]{ClientStream: stream} + x := &grpc.GenericClientStream[ExecRecordingFrame, empty.Empty]{ClientStream: stream} return x, nil } // This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. -type RecordingService_StreamExecRecordingClient = grpc.ClientStreamingClient[ExecRecordingFrame, emptypb.Empty] +type RecordingService_StreamExecRecordingClient = grpc.ClientStreamingClient[ExecRecordingFrame, empty.Empty] -func (c *recordingServiceClient) StreamTcpipRecording(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[TcpipRecordingFrame, emptypb.Empty], error) { +func (c *recordingServiceClient) StreamTcpipRecording(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[TcpipRecordingFrame, empty.Empty], error) { cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) stream, err := c.cc.NewStream(ctx, &RecordingService_ServiceDesc.Streams[2], RecordingService_StreamTcpipRecording_FullMethodName, cOpts...) if err != nil { return nil, err } - x := &grpc.GenericClientStream[TcpipRecordingFrame, emptypb.Empty]{ClientStream: stream} + x := &grpc.GenericClientStream[TcpipRecordingFrame, empty.Empty]{ClientStream: stream} return x, nil } // This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. -type RecordingService_StreamTcpipRecordingClient = grpc.ClientStreamingClient[TcpipRecordingFrame, emptypb.Empty] +type RecordingService_StreamTcpipRecordingClient = grpc.ClientStreamingClient[TcpipRecordingFrame, empty.Empty] -func (c *recordingServiceClient) StreamSftpRecording(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[SftpRecordingFrame, emptypb.Empty], error) { +func (c *recordingServiceClient) StreamSftpRecording(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[SftpRecordingFrame, empty.Empty], error) { cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) stream, err := c.cc.NewStream(ctx, &RecordingService_ServiceDesc.Streams[3], RecordingService_StreamSftpRecording_FullMethodName, cOpts...) if err != nil { return nil, err } - x := &grpc.GenericClientStream[SftpRecordingFrame, emptypb.Empty]{ClientStream: stream} + x := &grpc.GenericClientStream[SftpRecordingFrame, empty.Empty]{ClientStream: stream} return x, nil } // This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. -type RecordingService_StreamSftpRecordingClient = grpc.ClientStreamingClient[SftpRecordingFrame, emptypb.Empty] +type RecordingService_StreamSftpRecordingClient = grpc.ClientStreamingClient[SftpRecordingFrame, empty.Empty] -func (c *recordingServiceClient) EndRecordingSession(ctx context.Context, in *EndRecordingSessionRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { +func (c *recordingServiceClient) EndRecordingSession(ctx context.Context, in *EndRecordingSessionRequest, opts ...grpc.CallOption) (*empty.Empty, error) { cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) - out := new(emptypb.Empty) + out := new(empty.Empty) err := c.cc.Invoke(ctx, RecordingService_EndRecordingSession_FullMethodName, in, out, cOpts...) if err != nil { return nil, err @@ -333,21 +333,21 @@ type RecordingServiceServer interface { // StreamShellRecording records a PTY shell session. The first frame must // be a ShellRecordingHeader; subsequent frames carry data chunks or // terminal resize events. - StreamShellRecording(grpc.ClientStreamingServer[ShellRecordingFrame, emptypb.Empty]) error + StreamShellRecording(grpc.ClientStreamingServer[ShellRecordingFrame, empty.Empty]) error // StreamExecRecording records a non-PTY exec channel. The first frame must // be an ExecRecordingHeader; subsequent frames carry data chunks. - StreamExecRecording(grpc.ClientStreamingServer[ExecRecordingFrame, emptypb.Empty]) error + StreamExecRecording(grpc.ClientStreamingServer[ExecRecordingFrame, empty.Empty]) error // StreamTcpipRecording records a direct-tcpip port-forward channel. The // first frame must be a TcpipRecordingHeader; subsequent frames carry data chunks. - StreamTcpipRecording(grpc.ClientStreamingServer[TcpipRecordingFrame, emptypb.Empty]) error + StreamTcpipRecording(grpc.ClientStreamingServer[TcpipRecordingFrame, empty.Empty]) error // StreamSftpRecording records an SFTP subsystem channel. The first frame // must be a SftpRecordingHeader; subsequent frames carry data chunks. - StreamSftpRecording(grpc.ClientStreamingServer[SftpRecordingFrame, emptypb.Empty]) error + StreamSftpRecording(grpc.ClientStreamingServer[SftpRecordingFrame, empty.Empty]) error // EndRecordingSession notifies the recording backend that a session has ended // and all associated recording resources (open streams, buffers, file handles) // should be flushed and released. Must be called once per session_id when the // SSH session terminates, regardless of how many recording streams were opened. - EndRecordingSession(context.Context, *EndRecordingSessionRequest) (*emptypb.Empty, error) + EndRecordingSession(context.Context, *EndRecordingSessionRequest) (*empty.Empty, error) mustEmbedUnimplementedRecordingServiceServer() } @@ -358,19 +358,19 @@ type RecordingServiceServer interface { // pointer dereference when methods are called. type UnimplementedRecordingServiceServer struct{} -func (UnimplementedRecordingServiceServer) StreamShellRecording(grpc.ClientStreamingServer[ShellRecordingFrame, emptypb.Empty]) error { +func (UnimplementedRecordingServiceServer) StreamShellRecording(grpc.ClientStreamingServer[ShellRecordingFrame, empty.Empty]) error { return status.Error(codes.Unimplemented, "method StreamShellRecording not implemented") } -func (UnimplementedRecordingServiceServer) StreamExecRecording(grpc.ClientStreamingServer[ExecRecordingFrame, emptypb.Empty]) error { +func (UnimplementedRecordingServiceServer) StreamExecRecording(grpc.ClientStreamingServer[ExecRecordingFrame, empty.Empty]) error { return status.Error(codes.Unimplemented, "method StreamExecRecording not implemented") } -func (UnimplementedRecordingServiceServer) StreamTcpipRecording(grpc.ClientStreamingServer[TcpipRecordingFrame, emptypb.Empty]) error { +func (UnimplementedRecordingServiceServer) StreamTcpipRecording(grpc.ClientStreamingServer[TcpipRecordingFrame, empty.Empty]) error { return status.Error(codes.Unimplemented, "method StreamTcpipRecording not implemented") } -func (UnimplementedRecordingServiceServer) StreamSftpRecording(grpc.ClientStreamingServer[SftpRecordingFrame, emptypb.Empty]) error { +func (UnimplementedRecordingServiceServer) StreamSftpRecording(grpc.ClientStreamingServer[SftpRecordingFrame, empty.Empty]) error { return status.Error(codes.Unimplemented, "method StreamSftpRecording not implemented") } -func (UnimplementedRecordingServiceServer) EndRecordingSession(context.Context, *EndRecordingSessionRequest) (*emptypb.Empty, error) { +func (UnimplementedRecordingServiceServer) EndRecordingSession(context.Context, *EndRecordingSessionRequest) (*empty.Empty, error) { return nil, status.Error(codes.Unimplemented, "method EndRecordingSession not implemented") } func (UnimplementedRecordingServiceServer) mustEmbedUnimplementedRecordingServiceServer() {} @@ -395,32 +395,32 @@ func RegisterRecordingServiceServer(s grpc.ServiceRegistrar, srv RecordingServic } func _RecordingService_StreamShellRecording_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(RecordingServiceServer).StreamShellRecording(&grpc.GenericServerStream[ShellRecordingFrame, emptypb.Empty]{ServerStream: stream}) + return srv.(RecordingServiceServer).StreamShellRecording(&grpc.GenericServerStream[ShellRecordingFrame, empty.Empty]{ServerStream: stream}) } // This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. -type RecordingService_StreamShellRecordingServer = grpc.ClientStreamingServer[ShellRecordingFrame, emptypb.Empty] +type RecordingService_StreamShellRecordingServer = grpc.ClientStreamingServer[ShellRecordingFrame, empty.Empty] func _RecordingService_StreamExecRecording_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(RecordingServiceServer).StreamExecRecording(&grpc.GenericServerStream[ExecRecordingFrame, emptypb.Empty]{ServerStream: stream}) + return srv.(RecordingServiceServer).StreamExecRecording(&grpc.GenericServerStream[ExecRecordingFrame, empty.Empty]{ServerStream: stream}) } // This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. -type RecordingService_StreamExecRecordingServer = grpc.ClientStreamingServer[ExecRecordingFrame, emptypb.Empty] +type RecordingService_StreamExecRecordingServer = grpc.ClientStreamingServer[ExecRecordingFrame, empty.Empty] func _RecordingService_StreamTcpipRecording_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(RecordingServiceServer).StreamTcpipRecording(&grpc.GenericServerStream[TcpipRecordingFrame, emptypb.Empty]{ServerStream: stream}) + return srv.(RecordingServiceServer).StreamTcpipRecording(&grpc.GenericServerStream[TcpipRecordingFrame, empty.Empty]{ServerStream: stream}) } // This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. -type RecordingService_StreamTcpipRecordingServer = grpc.ClientStreamingServer[TcpipRecordingFrame, emptypb.Empty] +type RecordingService_StreamTcpipRecordingServer = grpc.ClientStreamingServer[TcpipRecordingFrame, empty.Empty] func _RecordingService_StreamSftpRecording_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(RecordingServiceServer).StreamSftpRecording(&grpc.GenericServerStream[SftpRecordingFrame, emptypb.Empty]{ServerStream: stream}) + return srv.(RecordingServiceServer).StreamSftpRecording(&grpc.GenericServerStream[SftpRecordingFrame, empty.Empty]{ServerStream: stream}) } // This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. -type RecordingService_StreamSftpRecordingServer = grpc.ClientStreamingServer[SftpRecordingFrame, emptypb.Empty] +type RecordingService_StreamSftpRecordingServer = grpc.ClientStreamingServer[SftpRecordingFrame, empty.Empty] func _RecordingService_EndRecordingSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(EndRecordingSessionRequest) diff --git a/pkg/api/proto/identity/v1/identity.proto b/pkg/api/proto/identity/v1/identity.proto index 4500b23..114ff09 100644 --- a/pkg/api/proto/identity/v1/identity.proto +++ b/pkg/api/proto/identity/v1/identity.proto @@ -10,6 +10,7 @@ option go_package = "github.com/k8shell-io/common/pkg/api/gen/go/identity/v1;ide import "common/v1/common.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/timestamp.proto"; +import "google/protobuf/wrappers.proto"; import "identity/v1/types.proto"; // IdentityService provides operations for user management, authentication, @@ -60,6 +61,28 @@ service IdentityService { // AddUserCredential adds a new credential for a user. rpc AddUserCredential (common.v1.UserCredential) returns (AddUserCredentialResponse); + // UpdateUser applies a partial update to a user record. Only fields wrapped + // in a value type (or repeated fields that are non-empty) are applied. + rpc UpdateUser (UpdateUserRequest) returns (common.v1.User); + + // AddUserRoles adds one or more roles to a user without affecting existing roles. + rpc AddUserRoles (UserRolesRequest) returns (common.v1.User); + + // RemoveUserRoles removes one or more roles from a user. + rpc RemoveUserRoles (UserRolesRequest) returns (common.v1.User); + + // AddUserBlueprints grants a user access to one or more blueprints. + rpc AddUserBlueprints (UserBlueprintsRequest) returns (common.v1.User); + + // RemoveUserBlueprints revokes access to one or more blueprints from a user. + rpc RemoveUserBlueprints (UserBlueprintsRequest) returns (common.v1.User); + + // AddUserAuthKeys registers one or more SSH public keys for a user. + rpc AddUserAuthKeys (UserAuthKeysRequest) returns (common.v1.User); + + // RemoveUserAuthKeys removes one or more SSH public keys from a user. + rpc RemoveUserAuthKeys (UserAuthKeysRequest) returns (common.v1.User); + // UpdateUserCredential updates an existing credential for a user. rpc UpdateUserCredential (common.v1.UserCredential) returns (UpdateUserCredentialResponse); @@ -87,6 +110,19 @@ service IdentityService { // Messages +// UpdateUserRequest carries a partial update for a user record. +// Only wrapper-typed fields that are set (non-nil) and repeated fields that +// are non-empty will be applied; unset fields leave the existing value intact. +message UpdateUserRequest { + string username = 1; + google.protobuf.StringValue fullname = 2; + repeated string roles = 3; + google.protobuf.BoolValue sudo = 4; + repeated string blueprints = 5; + google.protobuf.BoolValue locked = 6; + repeated string auth_keys = 7; +} + // IssueUserTokenRequest carries the username for a token issuance request. message IssueUserTokenRequest { string username = 1; diff --git a/pkg/api/proto/identity/v1/types.proto b/pkg/api/proto/identity/v1/types.proto index 627348b..8b66f51 100644 --- a/pkg/api/proto/identity/v1/types.proto +++ b/pkg/api/proto/identity/v1/types.proto @@ -100,6 +100,24 @@ message IdentityProviderInfo { repeated string capabilities = 2; } +// UserRolesRequest carries a username and one or more roles to add or remove. +message UserRolesRequest { + string username = 1; + repeated string roles = 2; +} + +// UserBlueprintsRequest carries a username and one or more blueprints to grant or revoke. +message UserBlueprintsRequest { + string username = 1; + repeated string blueprints = 2; +} + +// UserAuthKeysRequest carries a username and one or more SSH public keys to register or remove. +message UserAuthKeysRequest { + string username = 1; + repeated string auth_keys = 2; +} + // AccessTokenInfo carries access token metadata returned in list responses. // The raw token and its hash are never included. message AccessTokenInfo { diff --git a/pkg/authz/user.go b/pkg/authz/user.go index 526d5bb..8794b60 100644 --- a/pkg/authz/user.go +++ b/pkg/authz/user.go @@ -44,7 +44,7 @@ package authz // id username (required) // // Context -// data_type profile | credentials | blueprints (required) +// data_type profile | credentials | blueprints | roles (required) // // Subject injected by the backend from JWT claims (username, roles, email, ...) // @@ -83,6 +83,20 @@ package authz // // --- // +// Contract: user:write +// +// Resource type="user" +// id username (required) — the user record being mutated +// +// Context +// data_type profile | credentials | blueprints | roles (required) +// +// Subject injected by the backend from JWT claims (username, roles, email, ...) +// +// Obligations (none) — allow/deny only +// +// --- +// // Contract: token:read // // Resource type="user" @@ -103,15 +117,27 @@ import ( "github.com/k8shell-io/common/pkg/models" ) -// UserDataType identifies which slice of user data is being read in user:read. +// UserDataType identifies which slice of user data is being accessed in +// user:read and user:write. type UserDataType string const ( UserDataTypeProfile UserDataType = "profile" UserDataTypeCredentials UserDataType = "credentials" UserDataTypeBlueprints UserDataType = "blueprints" + UserDataTypeRoles UserDataType = "roles" ) +func validateUserDataType(dt UserDataType) error { + switch dt { + case UserDataTypeProfile, UserDataTypeCredentials, UserDataTypeBlueprints, UserDataTypeRoles: + return nil + default: + return fmt.Errorf("context \"data_type\" must be %q, %q, %q, or %q, got %q", + UserDataTypeProfile, UserDataTypeCredentials, UserDataTypeBlueprints, UserDataTypeRoles, dt) + } +} + // UserAuthMethod is the typed representation of an SSH authentication method. type UserAuthMethod string @@ -458,11 +484,8 @@ func (r *UserReadEvalRequest) Validate() error { if r.Resource.ID == "" { return fmt.Errorf("user:read: resource ID (username) is required") } - switch r.DataType { - case UserDataTypeProfile, UserDataTypeCredentials, UserDataTypeBlueprints: - default: - return fmt.Errorf("user:read: context \"data_type\" must be %q, %q, or %q, got %q", - UserDataTypeProfile, UserDataTypeCredentials, UserDataTypeBlueprints, r.DataType) + if err := validateUserDataType(r.DataType); err != nil { + return fmt.Errorf("user:read: %w", err) } return nil } @@ -694,6 +717,90 @@ func (r *UserTokenReadEvalRequest) Validate() error { return nil } +// UserWriteEvalRequest is the validated, typed model for user:write policy +// evaluation. It covers all mutations to a user record: profile fields, roles, +// blueprints, and auth keys. Use NewUserWriteEvalRequest to build it. +type UserWriteEvalRequest struct { + Resource UserResource + DataType UserDataType +} + +var _ EvalRequest = (*UserWriteEvalRequest)(nil) + +// NewUserWriteEvalRequest begins building a UserWriteEvalRequest for the given +// target username. Call WithDataType then Build to validate and obtain the +// final struct. +func NewUserWriteEvalRequest(username string) *UserWriteEvalRequest { + return &UserWriteEvalRequest{Resource: UserResource{ID: username}} +} + +// WithDataType sets the data type being mutated. +func (r *UserWriteEvalRequest) WithDataType(dt UserDataType) *UserWriteEvalRequest { + r.DataType = dt + return r +} + +// Build validates the request and returns it if all constraints are satisfied. +// It is the required terminator for the builder chain. +func (r *UserWriteEvalRequest) Build() (*UserWriteEvalRequest, error) { + if err := r.Validate(); err != nil { + return nil, err + } + return r, nil +} + +// ToProto serializes the typed request into a gRPC EvaluateRequest, attaching +// the supplied JWT token. +// Implements EvalRequest. +func (r *UserWriteEvalRequest) ToProto(token string) *authzv1.EvaluateRequest { + return &authzv1.EvaluateRequest{ + Token: token, + Action: "user:write", + Resource: &authzv1.Resource{ + Type: "user", + Id: r.Resource.ID, + }, + Context: map[string]string{"data_type": string(r.DataType)}, + } +} + +// UserWriteEvalRequestFromProto converts a gRPC EvaluateRequest into a +// validated UserWriteEvalRequest. +func UserWriteEvalRequestFromProto(req *authzv1.EvaluateRequest) (*UserWriteEvalRequest, error) { + if req == nil { + return nil, fmt.Errorf("user:write: EvaluateRequest is nil") + } + if req.Action != "user:write" { + return nil, fmt.Errorf("user:write: action must be \"user:write\", got %q", req.Action) + } + if req.Resource == nil { + return nil, fmt.Errorf("user:write: resource is nil") + } + if req.Resource.Type != "user" { + return nil, fmt.Errorf("user:write: resource type must be \"user\", got %q", req.Resource.Type) + } + r := &UserWriteEvalRequest{ + Resource: UserResource{ID: req.Resource.Id}, + DataType: UserDataType(req.Context["data_type"]), + } + if err := r.Validate(); err != nil { + return nil, err + } + return r, nil +} + +// Validate checks the request against the user:write contract. +// Implements EvalRequest. +func (r *UserWriteEvalRequest) Validate() error { + if r.Resource.ID == "" { + return fmt.Errorf("user:write: resource ID (username) is required") + } + if err := validateUserDataType(r.DataType); err != nil { + return fmt.Errorf("user:write: %w", err) + } + return nil +} + const ( // ObligationKeyScopes is the key the policy engine writes to restrict the // scopes a newly created token may carry. The value is a JSON-encoded array diff --git a/pkg/models/requests.go b/pkg/models/requests.go new file mode 100644 index 0000000..f99fd1c --- /dev/null +++ b/pkg/models/requests.go @@ -0,0 +1,31 @@ +package models + +// UserUpdateRequest is the HTTP request body for PATCH /users/{username}. +// Only non-nil pointer fields and non-empty slices are applied (PATCH semantics). +// Note: proto counterpart is identityv1.UpdateUserRequest (different wire format, no json tags). +type UserUpdateRequest struct { + Fullname *string `json:"fullname,omitempty"` + Roles []Role `json:"roles,omitempty"` + Sudo *bool `json:"sudo,omitempty"` + Blueprints []string `json:"blueprints,omitempty"` + Locked *bool `json:"locked,omitempty"` + Keys []string `json:"keys,omitempty"` +} + +// UserRolesRequest is the HTTP request body for adding or removing roles on a user. +// Note: proto counterpart is identityv1.UserRolesRequest. +type UserRolesRequest struct { + Roles []Role `json:"roles"` +} + +// UserBlueprintsRequest is the HTTP request body for adding or removing blueprints on a user. +// Note: proto counterpart is identityv1.UserBlueprintsRequest. +type UserBlueprintsRequest struct { + Blueprints []string `json:"blueprints"` +} + +// UserKeysRequest is the HTTP request body for adding or removing SSH public keys on a user. +// Note: proto counterpart is identityv1.UserAuthKeysRequest. +type UserKeysRequest struct { + Keys []string `json:"keys"` +}