From bac00cc6109c50d1a2f712ce09bbe6987893ab63 Mon Sep 17 00:00:00 2001
From: Patrick Stephen
Date: Tue, 15 Sep 2020 09:39:57 -0500
Subject: [PATCH] terraform-provider-sdm: use latest go sdk version in go.mod.public file
GitOrigin-RevId: 13d92b29176582f1026f77f9360a7768f4090423
---
 go.mod | 2 +-
 go.sum | 2 +
 .../strongdm/strongdm-sdk-go/client.go | 26 +-
 .../internal/v1/account_attachments.pb.go | 2 +-
 .../internal/v1/accounts.pb.go | 7 +-
 .../internal/v1/control_panel.pb.go | 259 ++++++++++++++++++
 .../strongdm-sdk-go/internal/v1/nodes.pb.go | 4 +-
 .../internal/v1/role_grants.pb.go | 3 +-
 .../strongdm-sdk-go/internal/v1/roles.pb.go | 2 +-
 .../strongdm/strongdm-sdk-go/models.go | 30 +-
 .../strongdm/strongdm-sdk-go/plumbing.go | 38 +++
 .../strongdm/strongdm-sdk-go/svc.go | 52 +++-
 vendor/modules.txt | 2 +-
 13 files changed, 389 insertions(+), 40 deletions(-)
 create mode 100644 vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/control_panel.pb.go
diff --git a/go.mod b/go.mod
index 29341d14..67f5ed9c 100644
--- a/go.mod
+++ b/go.mod
@@ -4,5 +4,5 @@ go 1.13
 require (
 github.com/hashicorp/terraform-plugin-sdk v1.7.0
- github.com/strongdm/strongdm-sdk-go v0.9.18
+ github.com/strongdm/strongdm-sdk-go v0.9.19
 )
diff --git a/go.sum b/go.sum
index fbeed4a5..cf823d68 100644
--- a/go.sum
+++ b/go.sum
@@ -190,6 +190,8 @@ github.com/strongdm/strongdm-sdk-go v0.9.15 h1:1cFUPVGxZCoXjF6Eb/rC2HEQ4kY25peCg
 github.com/strongdm/strongdm-sdk-go v0.9.15/go.mod h1:X5SMmakW9iBWArxTXrSh0gmUmkMP3HLaYSTCnu9/WKA=
 github.com/strongdm/strongdm-sdk-go v0.9.18 h1:9nM3fy5M2kB1StvXiDv+hE2ZRwBjrp05jffdQorayvM=
 github.com/strongdm/strongdm-sdk-go v0.9.18/go.mod h1:X5SMmakW9iBWArxTXrSh0gmUmkMP3HLaYSTCnu9/WKA=
+github.com/strongdm/strongdm-sdk-go v0.9.19 h1:qnNX0ZAdqGEosXK8cBCLb5DtArSVQkqIgiazRSiJfmM=
+github.com/strongdm/strongdm-sdk-go v0.9.19/go.mod h1:X5SMmakW9iBWArxTXrSh0gmUmkMP3HLaYSTCnu9/WKA=
 github.com/ulikunitz/xz v0.5.5 h1:pFrO0lVpTBXLpYw+pnLj6TbvHuyjXMfjGeCwSqCVwok=
 github.com/ulikunitz/xz v0.5.5/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
 github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
diff --git a/vendor/github.com/strongdm/strongdm-sdk-go/client.go b/vendor/github.com/strongdm/strongdm-sdk-go/client.go
index 40a25d56..f3d196ce 100644
--- a/vendor/github.com/strongdm/strongdm-sdk-go/client.go
+++ b/vendor/github.com/strongdm/strongdm-sdk-go/client.go
@@ -63,6 +63,7 @@ type Client struct {
 accountAttachments *AccountAttachments
 accountGrants *AccountGrants
 accounts *Accounts
+ controlPanel *ControlPanel
 nodes *Nodes
 resources *Resources
 roleAttachments *RoleAttachments
@@ -117,6 +118,10 @@ func New(token, secret string, opts ...ClientOption) (*Client, error) {
 client: plumbing.NewAccountsClient(client.grpcConn),
 parent: client,
 }
+ client.controlPanel = &ControlPanel{
+ client: plumbing.NewControlPanelClient(client.grpcConn),
+ parent: client,
+ }
 client.nodes = &Nodes{
 client: plumbing.NewNodesClient(client.grpcConn),
 parent: client,
@@ -154,7 +159,7 @@ func WithInsecure() ClientOption {
 }
 }
-// AccountAttachments assign an account to a role.
+// AccountAttachments assign an account to a role or composite role.
 func (c *Client) AccountAttachments() *AccountAttachments {
 return c.accountAttachments
 }
@@ -164,18 +169,21 @@ func (c *Client) AccountGrants() *AccountGrants {
 return c.accountGrants
 }
-// Accounts are users that have access to strongDM.
-// There are two types of accounts:
-// 1. **Regular users:** humans who are authenticated through username and password or SSO
-// 2. **Service users:** machines that are authneticated using a service token
+// Accounts are users that have access to strongDM. There are two types of accounts:
+// 1. **Users:** humans who are authenticated through username and password or SSO.
+// 2. **Service Accounts:** machines that are authenticated using a service token.
 func (c *Client) Accounts() *Accounts {
 return c.accounts
 }
-// Nodes make up the strongDM network, and allow your users to connect securely to your resources.
-// There are two types of nodes:
-// 1. **Relay:** creates connectivity to your datasources, while maintaining the egress-only nature of your firewall
-// 1. **Gateways:** a relay that also listens for connections from strongDM clients
+// ControlPanel contains all administrative controls.
+func (c *Client) ControlPanel() *ControlPanel {
+ return c.controlPanel
+}
+
+// Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
+// - **Gateways** are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
+// - **Relays** are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
 func (c *Client) Nodes() *Nodes {
 return c.nodes
 }
diff --git a/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/account_attachments.pb.go b/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/account_attachments.pb.go
index e0c9ba51..72aaf881 100644
--- a/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/account_attachments.pb.go
+++ b/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/account_attachments.pb.go @@ -469,7 +469,7 @@ func (m *AccountAttachmentListResponse) GetRateLimit() *RateLimitMetadata { return nil } -// AccountAttachments assign an account to a role. +// AccountAttachments assign an account to a role or composite role. type AccountAttachment struct { // Unique identifier of the AccountAttachment. Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` diff --git a/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/accounts.pb.go b/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/accounts.pb.go index c006b7fb..0d10f578 100644 --- a/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/accounts.pb.go +++ b/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/accounts.pb.go @@ -601,10 +601,9 @@ func (m *AccountListResponse) GetRateLimit() *RateLimitMetadata { return nil } -// Accounts are users that have access to strongDM. -// There are two types of accounts: -// 1. **Regular users:** humans who are authenticated through username and password or SSO -// 2. **Service users:** machines that are authneticated using a service token +// Accounts are users that have access to strongDM. There are two types of accounts: +// 1. **Users:** humans who are authenticated through username and password or SSO. +// 2. **Service Accounts:** machines that are authenticated using a service token. type Account struct { // Types that are valid to be assigned to Account: // *Account_User diff --git a/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/control_panel.pb.go b/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/control_panel.pb.go new file mode 100644 index 00000000..b3761508 --- /dev/null +++ b/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/control_panel.pb.go 
@@ -0,0 +1,259 @@ +// Copyright 2020 StrongDM Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by protoc-gen-go. DO NOT EDIT. +// source: control_panel.proto + +package v1 + +import ( + context "context" + fmt "fmt" + proto "github.com/golang/protobuf/proto" + _ "google.golang.org/genproto/googleapis/api/annotations" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" + math "math" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package + +// ControlPanelGetSSHCAPublicKeyRequest represents a request for an +// organization's SSH CA public key. +type ControlPanelGetSSHCAPublicKeyRequest struct { + // Reserved for future use. 
+ Meta *GetRequestMetadata `protobuf:"bytes,1,opt,name=meta,proto3" json:"meta,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ControlPanelGetSSHCAPublicKeyRequest) Reset() { *m = ControlPanelGetSSHCAPublicKeyRequest{} } +func (m *ControlPanelGetSSHCAPublicKeyRequest) String() string { return proto.CompactTextString(m) } +func (*ControlPanelGetSSHCAPublicKeyRequest) ProtoMessage() {} +func (*ControlPanelGetSSHCAPublicKeyRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_bf80c768380a9a5a, []int{0} +} + +func (m *ControlPanelGetSSHCAPublicKeyRequest) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_ControlPanelGetSSHCAPublicKeyRequest.Unmarshal(m, b) +} +func (m *ControlPanelGetSSHCAPublicKeyRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_ControlPanelGetSSHCAPublicKeyRequest.Marshal(b, m, deterministic) +} +func (m *ControlPanelGetSSHCAPublicKeyRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_ControlPanelGetSSHCAPublicKeyRequest.Merge(m, src) +} +func (m *ControlPanelGetSSHCAPublicKeyRequest) XXX_Size() int { + return xxx_messageInfo_ControlPanelGetSSHCAPublicKeyRequest.Size(m) +} +func (m *ControlPanelGetSSHCAPublicKeyRequest) XXX_DiscardUnknown() { + xxx_messageInfo_ControlPanelGetSSHCAPublicKeyRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_ControlPanelGetSSHCAPublicKeyRequest proto.InternalMessageInfo + +func (m *ControlPanelGetSSHCAPublicKeyRequest) GetMeta() *GetRequestMetadata { + if m != nil { + return m.Meta + } + return nil +} + +// ControlPanelGetSSHCAPublicKeyResponse represents a request for an +// organization's SSH Certificate Authority public key. +type ControlPanelGetSSHCAPublicKeyResponse struct { + // Reserved for future use. 
+ Meta *GetResponseMetadata `protobuf:"bytes,1,opt,name=meta,proto3" json:"meta,omitempty"` + // The public key of the SSH Certificate Authority, in OpenSSH RSA public + // key format. + PublicKey string `protobuf:"bytes,2,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + // Rate limit information. + RateLimit *RateLimitMetadata `protobuf:"bytes,3,opt,name=rate_limit,json=rateLimit,proto3" json:"rate_limit,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ControlPanelGetSSHCAPublicKeyResponse) Reset() { *m = ControlPanelGetSSHCAPublicKeyResponse{} } +func (m *ControlPanelGetSSHCAPublicKeyResponse) String() string { return proto.CompactTextString(m) } +func (*ControlPanelGetSSHCAPublicKeyResponse) ProtoMessage() {} +func (*ControlPanelGetSSHCAPublicKeyResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_bf80c768380a9a5a, []int{1} +} + +func (m *ControlPanelGetSSHCAPublicKeyResponse) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_ControlPanelGetSSHCAPublicKeyResponse.Unmarshal(m, b) +} +func (m *ControlPanelGetSSHCAPublicKeyResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_ControlPanelGetSSHCAPublicKeyResponse.Marshal(b, m, deterministic) +} +func (m *ControlPanelGetSSHCAPublicKeyResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_ControlPanelGetSSHCAPublicKeyResponse.Merge(m, src) +} +func (m *ControlPanelGetSSHCAPublicKeyResponse) XXX_Size() int { + return xxx_messageInfo_ControlPanelGetSSHCAPublicKeyResponse.Size(m) +} +func (m *ControlPanelGetSSHCAPublicKeyResponse) XXX_DiscardUnknown() { + xxx_messageInfo_ControlPanelGetSSHCAPublicKeyResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_ControlPanelGetSSHCAPublicKeyResponse proto.InternalMessageInfo + +func (m *ControlPanelGetSSHCAPublicKeyResponse) GetMeta() *GetResponseMetadata { + if m != nil { + return m.Meta + } + return 
nil +} + +func (m *ControlPanelGetSSHCAPublicKeyResponse) GetPublicKey() string { + if m != nil { + return m.PublicKey + } + return "" +} + +func (m *ControlPanelGetSSHCAPublicKeyResponse) GetRateLimit() *RateLimitMetadata { + if m != nil { + return m.RateLimit + } + return nil +} + +func init() { + proto.RegisterType((*ControlPanelGetSSHCAPublicKeyRequest)(nil), "v1.ControlPanelGetSSHCAPublicKeyRequest") + proto.RegisterType((*ControlPanelGetSSHCAPublicKeyResponse)(nil), "v1.ControlPanelGetSSHCAPublicKeyResponse") +} + +func init() { proto.RegisterFile("control_panel.proto", fileDescriptor_bf80c768380a9a5a) } + +var fileDescriptor_bf80c768380a9a5a = []byte{ + // 357 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x92, 0xbf, 0x4a, 0xfb, 0x50, + 0x14, 0xc7, 0x49, 0x7f, 0x3f, 0x2d, 0x3d, 0xea, 0xe0, 0xf5, 0x5f, 0x08, 0x1d, 0x4a, 0x51, 0x68, + 0x1d, 0x12, 0x5a, 0x05, 0xc1, 0x49, 0xdb, 0xa1, 0x82, 0x0a, 0x25, 0x7d, 0x80, 0x72, 0x9b, 0x1e, + 0x62, 0x30, 0xb9, 0xf7, 0x9a, 0x7b, 0x5a, 0xe8, 0xea, 0xe8, 0xea, 0xe8, 0x0b, 0x38, 0x0a, 0x7d, + 0x14, 0x27, 0x77, 0x9f, 0x40, 0x17, 0x71, 0x92, 0x24, 0xad, 0xb4, 0x28, 0xd8, 0x2d, 0xf9, 0x9e, + 0x2f, 0x9f, 0x0f, 0xf7, 0x70, 0x60, 0xc3, 0x93, 0x82, 0x62, 0x19, 0x76, 0x15, 0x17, 0x18, 0xda, + 0x2a, 0x96, 0x24, 0x59, 0x6e, 0x58, 0xb3, 0x8a, 0xbe, 0x94, 0x7e, 0x88, 0x0e, 0x57, 0x81, 0xc3, + 0x85, 0x90, 0xc4, 0x29, 0x90, 0x42, 0x67, 0x0d, 0x6b, 0x4d, 0xaa, 0xd9, 0x5f, 0xd0, 0x0a, 0xbd, + 0xec, 0xbb, 0xec, 0xc2, 0x6e, 0x33, 0x63, 0xb6, 0x13, 0x64, 0x0b, 0xa9, 0xd3, 0x39, 0x6b, 0x9e, + 0xb6, 0x07, 0xbd, 0x30, 0xf0, 0xce, 0x71, 0xe4, 0xe2, 0xcd, 0x00, 0x35, 0xb1, 0x7d, 0xf8, 0x1f, + 0x21, 0x71, 0xd3, 0x28, 0x19, 0x95, 0x95, 0xfa, 0xb6, 0x3d, 0xac, 0xd9, 0x2d, 0xa4, 0xc9, 0xf4, + 0x12, 0x89, 0xf7, 0x39, 0x71, 0x37, 0xed, 0x94, 0x5f, 0x0c, 0xd8, 0xfb, 0x03, 0xaa, 0x95, 0x14, + 0x1a, 0xd9, 0xd1, 0x1c, 0x75, 0xe7, 0x9b, 0x9a, 0x8d, 0xa7, 0xd8, 0x06, 0xbc, 0x7d, 0x8c, 0xf3, + 0x4b, 
0x4f, 0xef, 0xe3, 0xbc, 0x91, 0x29, 0x58, 0x15, 0x40, 0xa5, 0xb4, 0xee, 0x35, 0x8e, 0xcc, + 0x5c, 0xc9, 0xa8, 0x14, 0xe6, 0x5a, 0x05, 0x35, 0x75, 0xb1, 0x13, 0x80, 0x98, 0x13, 0x76, 0xc3, + 0x20, 0x0a, 0xc8, 0xfc, 0x97, 0x9a, 0xb6, 0x12, 0x93, 0xcb, 0x09, 0x2f, 0x92, 0xf0, 0x57, 0x4f, + 0x21, 0x9e, 0x8e, 0x8f, 0xe1, 0x33, 0x89, 0x1f, 0x93, 0xb8, 0xfe, 0x60, 0xc0, 0xea, 0xec, 0xdb, + 0xd8, 0x9d, 0x01, 0xeb, 0x3f, 0x1e, 0xc8, 0x2a, 0x89, 0x60, 0x91, 0xc5, 0x5a, 0xd5, 0x05, 0x9a, + 0xd9, 0x3a, 0xca, 0xa5, 0xdb, 0xe7, 0xd7, 0xfb, 0x9c, 0xc5, 0x4c, 0x67, 0x58, 0x73, 0xe6, 0x2e, + 0xc1, 0xd1, 0xfa, 0xca, 0xf1, 0x78, 0xe3, 0x10, 0x8a, 0x9e, 0x8c, 0x6c, 0x4d, 0xb1, 0x14, 0x7e, + 0x3f, 0xb2, 0xb9, 0x0a, 0x12, 0xbc, 0x0a, 0x07, 0x51, 0x2f, 0x10, 0x7e, 0x63, 0x73, 0x56, 0xd4, + 0x9e, 0xa4, 0xbd, 0xe5, 0xf4, 0x14, 0x0e, 0xbe, 0x02, 0x00, 0x00, 0xff, 0xff, 0xd7, 0x41, 0x07, + 0xb5, 0x5e, 0x02, 0x00, 0x00, +} + +// Reference imports to suppress errors if they are not otherwise used. +var _ context.Context +var _ grpc.ClientConn + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion4 + +// ControlPanelClient is the client API for ControlPanel service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. +type ControlPanelClient interface { + // GetSSHCAPublicKey retrieves the SSH CA public key. 
+ GetSSHCAPublicKey(ctx context.Context, in *ControlPanelGetSSHCAPublicKeyRequest, opts ...grpc.CallOption) (*ControlPanelGetSSHCAPublicKeyResponse, error) +} + +type controlPanelClient struct { + cc *grpc.ClientConn +} + +func NewControlPanelClient(cc *grpc.ClientConn) ControlPanelClient { + return &controlPanelClient{cc} +} + +func (c *controlPanelClient) GetSSHCAPublicKey(ctx context.Context, in *ControlPanelGetSSHCAPublicKeyRequest, opts ...grpc.CallOption) (*ControlPanelGetSSHCAPublicKeyResponse, error) { + out := new(ControlPanelGetSSHCAPublicKeyResponse) + err := c.cc.Invoke(ctx, "/v1.ControlPanel/GetSSHCAPublicKey", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// ControlPanelServer is the server API for ControlPanel service. +type ControlPanelServer interface { + // GetSSHCAPublicKey retrieves the SSH CA public key. + GetSSHCAPublicKey(context.Context, *ControlPanelGetSSHCAPublicKeyRequest) (*ControlPanelGetSSHCAPublicKeyResponse, error) +} + +// UnimplementedControlPanelServer can be embedded to have forward compatible implementations. 
+type UnimplementedControlPanelServer struct { +} + +func (*UnimplementedControlPanelServer) GetSSHCAPublicKey(ctx context.Context, req *ControlPanelGetSSHCAPublicKeyRequest) (*ControlPanelGetSSHCAPublicKeyResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetSSHCAPublicKey not implemented") +} + +func RegisterControlPanelServer(s *grpc.Server, srv ControlPanelServer) { + s.RegisterService(&_ControlPanel_serviceDesc, srv) +} + +func _ControlPanel_GetSSHCAPublicKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ControlPanelGetSSHCAPublicKeyRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ControlPanelServer).GetSSHCAPublicKey(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/v1.ControlPanel/GetSSHCAPublicKey", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ControlPanelServer).GetSSHCAPublicKey(ctx, req.(*ControlPanelGetSSHCAPublicKeyRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _ControlPanel_serviceDesc = grpc.ServiceDesc{ + ServiceName: "v1.ControlPanel", + HandlerType: (*ControlPanelServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "GetSSHCAPublicKey", + Handler: _ControlPanel_GetSSHCAPublicKey_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "control_panel.proto", +} diff --git a/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/nodes.pb.go b/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/nodes.pb.go index 335a1945..b849896a 100644 --- a/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/nodes.pb.go +++ b/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/nodes.pb.go 
@@ -689,7 +689,7 @@ func (*Node) XXX_OneofWrappers() []interface{} { type Relay struct { // Unique identifier of the Relay. Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - // Unique human-readable name of the Relay. Generated if not provided on create. + // Unique human-readable name of the Relay. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create. Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` // The current state of the relay. One of: "new", "verifying_restart", // "awaiting_restart", "restarting", "started", "stopped", "dead", @@ -759,7 +759,7 @@ func (m *Relay) GetTags() *Tags { type Gateway struct { // Unique identifier of the Gateway. Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - // Unique human-readable name of the Gateway. Generated if not provided on create. + // Unique human-readable name of the Gateway. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create. Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` // The current state of the gateway. One of: "new", "verifying_restart", // "restarting", "started", "stopped", "dead", "unknown" diff --git a/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/role_grants.pb.go b/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/role_grants.pb.go index c4258202..9a963f31 100644 --- a/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/role_grants.pb.go +++ b/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/role_grants.pb.go 
@@ -469,8 +469,7 @@ func (m *RoleGrantListResponse) GetRateLimit() *RateLimitMetadata { return nil } -// A RoleGrant connects a resource to a role, granting members of the role -// access to that resource. +// A RoleGrant connects a resource to a role, granting members of the role access to that resource. type RoleGrant struct { // Unique identifier of the RoleGrant. Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` diff --git a/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/roles.pb.go b/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/roles.pb.go index 5664339a..795d4959 100644 --- a/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/roles.pb.go +++ b/vendor/github.com/strongdm/strongdm-sdk-go/internal/v1/roles.pb.go @@ -592,7 +592,7 @@ func (m *RoleListResponse) GetRateLimit() *RateLimitMetadata { return nil } -// A Role is a collection of permissions, and typically corresponds to a team, Active Directory OU, or other organizational unit. Users are granted access to resources by assigning them to roles. +// A Role is a collection of access grants, and typically corresponds to a team, Active Directory OU, or other organizational unit. Users are granted access to resources by assigning them to roles. type Role struct { // Unique identifier of the Role. Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` diff --git a/vendor/github.com/strongdm/strongdm-sdk-go/models.go b/vendor/github.com/strongdm/strongdm-sdk-go/models.go index 2684fdd6..67659522 100644 --- a/vendor/github.com/strongdm/strongdm-sdk-go/models.go +++ b/vendor/github.com/strongdm/strongdm-sdk-go/models.go @@ -90,7 +90,7 @@ type AccountAttachmentDeleteResponse struct { RateLimit *RateLimitMetadata `json:"rate_limit"` } -// AccountAttachments assign an account to a role. +// AccountAttachments assign an account to a role or composite role. type AccountAttachment struct { // Unique identifier of the AccountAttachment. ID string `json:"id"` 
@@ -186,10 +186,9 @@ type AccountDeleteResponse struct {
 RateLimit *RateLimitMetadata `json:"rate_limit"`
 }
-// Accounts are users that have access to strongDM.
-// There are two types of accounts:
-// 1. **Regular users:** humans who are authenticated through username and password or SSO
-// 2. **Service users:** machines that are authneticated using a service token
+// Accounts are users that have access to strongDM. There are two types of accounts:
+// 1. **Users:** humans who are authenticated through username and password or SSO.
+// 2. **Service Accounts:** machines that are authenticated using a service token.
 type Account interface {
 // GetID returns the unique identifier of the Account.
 GetID() string
@@ -283,6 +282,18 @@ type Service struct {
 Tags Tags `json:"tags"`
 }
+// ControlPanelGetSSHCAPublicKeyResponse represents a request for an
+// organization's SSH Certificate Authority public key.
+type ControlPanelGetSSHCAPublicKeyResponse struct {
+ // Reserved for future use.
+ Meta *GetResponseMetadata `json:"meta"`
+ // The public key of the SSH Certificate Authority, in OpenSSH RSA public
+ // key format.
+ PublicKey string `json:"public_key"`
+ // Rate limit information.
+ RateLimit *RateLimitMetadata `json:"rate_limit"`
+}
+
 // A Resource is a database or server for which strongDM manages access.
 type Resource interface {
 // GetID returns the unique identifier of the Resource.
@@ -2638,7 +2649,7 @@ func (m *Gateway) SetTags(v Tags) {
 type Relay struct {
 // Unique identifier of the Relay.
 ID string `json:"id"`
- // Unique human-readable name of the Relay. Generated if not provided on create.
+ // Unique human-readable name of the Relay. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
 Name string `json:"name"`
 // The current state of the relay. One of: "new", "verifying_restart",
 // "awaiting_restart", "restarting", "started", "stopped", "dead",
@@ -2652,7 +2663,7 @@ type Relay struct {
 type Gateway struct {
 // Unique identifier of the Gateway.
 ID string `json:"id"`
- // Unique human-readable name of the Gateway. Generated if not provided on create.
+ // Unique human-readable name of the Gateway. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
 Name string `json:"name"`
 // The current state of the gateway. One of: "new", "verifying_restart",
 // "restarting", "started", "stopped", "dead", "unknown"
@@ -2771,8 +2782,7 @@ type RoleGrantDeleteResponse struct {
 RateLimit *RateLimitMetadata `json:"rate_limit"`
 }
-// A RoleGrant connects a resource to a role, granting members of the role
-// access to that resource.
+// A RoleGrant connects a resource to a role, granting members of the role access to that resource.
 type RoleGrant struct {
 // Unique identifier of the RoleGrant.
 ID string `json:"id"`
@@ -2822,7 +2832,7 @@ type RoleDeleteResponse struct {
 RateLimit *RateLimitMetadata `json:"rate_limit"`
 }
-// A Role is a collection of permissions, and typically corresponds to a team, Active Directory OU, or other organizational unit. Users are granted access to resources by assigning them to roles.
+// A Role is a collection of access grants, and typically corresponds to a team, Active Directory OU, or other organizational unit. Users are granted access to resources by assigning them to roles.
 type Role struct {
 // Unique identifier of the Role.
 ID string `json:"id"`
diff --git a/vendor/github.com/strongdm/strongdm-sdk-go/plumbing.go b/vendor/github.com/strongdm/strongdm-sdk-go/plumbing.go
index a3b6557a..75ddd8f0 100644
--- a/vendor/github.com/strongdm/strongdm-sdk-go/plumbing.go
+++ b/vendor/github.com/strongdm/strongdm-sdk-go/plumbing.go
@@ -829,6 +829,44 @@ func convertRepeatedServiceToPorcelain(plumbings []*proto.Service) []*Service {
 }
 return items
 }
+func convertControlPanelGetSSHCAPublicKeyResponseToPorcelain(plumbing *proto.ControlPanelGetSSHCAPublicKeyResponse) *ControlPanelGetSSHCAPublicKeyResponse {
+ if plumbing == nil {
+ return nil
+ }
+ porcelain := &ControlPanelGetSSHCAPublicKeyResponse{}
+ porcelain.Meta = convertGetResponseMetadataToPorcelain(plumbing.Meta)
+ porcelain.PublicKey = (plumbing.PublicKey)
+ porcelain.RateLimit = convertRateLimitMetadataToPorcelain(plumbing.RateLimit)
+ return porcelain
+}
+
+func convertControlPanelGetSSHCAPublicKeyResponseToPlumbing(porcelain *ControlPanelGetSSHCAPublicKeyResponse) *proto.ControlPanelGetSSHCAPublicKeyResponse {
+ if porcelain == nil {
+ return nil
+ }
+ plumbing := &proto.ControlPanelGetSSHCAPublicKeyResponse{}
+ plumbing.Meta = convertGetResponseMetadataToPlumbing(porcelain.Meta)
+ plumbing.PublicKey = (porcelain.PublicKey)
+ plumbing.RateLimit = convertRateLimitMetadataToPlumbing(porcelain.RateLimit)
+ return plumbing
+}
+func convertRepeatedControlPanelGetSSHCAPublicKeyResponseToPlumbing(
+ porcelains []*ControlPanelGetSSHCAPublicKeyResponse,
+) []*proto.ControlPanelGetSSHCAPublicKeyResponse {
+ var items []*proto.ControlPanelGetSSHCAPublicKeyResponse
+ for _, porcelain := range porcelains {
+ items = append(items, convertControlPanelGetSSHCAPublicKeyResponseToPlumbing(porcelain))
+ }
+ return items
+}
+
+func convertRepeatedControlPanelGetSSHCAPublicKeyResponseToPorcelain(plumbings []*proto.ControlPanelGetSSHCAPublicKeyResponse) []*ControlPanelGetSSHCAPublicKeyResponse {
+ var items []*ControlPanelGetSSHCAPublicKeyResponse
+ for _, plumbing := range plumbings {
+ items = append(items, convertControlPanelGetSSHCAPublicKeyResponseToPorcelain(plumbing))
+ }
+ return items
+}
 func convertResourceToPlumbing(porcelain Resource) *proto.Resource {
 if porcelain == nil {
 return nil
diff --git a/vendor/github.com/strongdm/strongdm-sdk-go/svc.go b/vendor/github.com/strongdm/strongdm-sdk-go/svc.go
index 477bf4aa..ea4ccca3 100644
--- a/vendor/github.com/strongdm/strongdm-sdk-go/svc.go
+++ b/vendor/github.com/strongdm/strongdm-sdk-go/svc.go
@@ -23,7 +23,7 @@ import (
 plumbing "github.com/strongdm/strongdm-sdk-go/internal/v1"
 )
-// AccountAttachments assign an account to a role.
+// AccountAttachments assign an account to a role or composite role.
 type AccountAttachments struct {
 client plumbing.AccountAttachmentsClient
 parent *Client
@@ -319,10 +319,9 @@ func (svc *AccountGrants) List(
 ), nil
 }
-// Accounts are users that have access to strongDM.
-// There are two types of accounts:
-// 1. **Regular users:** humans who are authenticated through username and password or SSO
-// 2. **Service users:** machines that are authneticated using a service token
+// Accounts are users that have access to strongDM. There are two types of accounts:
+// 1. **Users:** humans who are authenticated through username and password or SSO.
+// 2. **Service Accounts:** machines that are authenticated using a service token.
 type Accounts struct {
 client plumbing.AccountsClient
 parent *Client
@@ -503,10 +502,45 @@ func (svc *Accounts) List(
 ), nil
 }
-// Nodes make up the strongDM network, and allow your users to connect securely to your resources.
-// There are two types of nodes:
-// 1. **Relay:** creates connectivity to your datasources, while maintaining the egress-only nature of your firewall
-// 1. **Gateways:** a relay that also listens for connections from strongDM clients
+// ControlPanel contains all administrative controls.
+type ControlPanel struct {
+ client plumbing.ControlPanelClient
+ parent *Client
+}
+
+// GetSSHCAPublicKey retrieves the SSH CA public key.
+func (svc *ControlPanel) GetSSHCAPublicKey(
+ ctx context.Context) (
+ *ControlPanelGetSSHCAPublicKeyResponse,
+ error) {
+ req := &plumbing.ControlPanelGetSSHCAPublicKeyRequest{}
+
+ var plumbingResponse *plumbing.ControlPanelGetSSHCAPublicKeyResponse
+ var err error
+ i := 0
+ for {
+ plumbingResponse, err = svc.client.GetSSHCAPublicKey(svc.parent.wrapContext(ctx, req, "ControlPanel.GetSSHCAPublicKey"), req)
+ if err != nil {
+ if !svc.parent.shouldRetry(i, err) {
+ return nil, convertErrorToPorcelain(err)
+ }
+ i++
+ svc.parent.jitterSleep(i)
+ continue
+ }
+ break
+ }
+
+ resp := &ControlPanelGetSSHCAPublicKeyResponse{}
+ resp.Meta = convertGetResponseMetadataToPorcelain(plumbingResponse.Meta)
+ resp.PublicKey = (plumbingResponse.PublicKey)
+ resp.RateLimit = convertRateLimitMetadataToPorcelain(plumbingResponse.RateLimit)
+ return resp, nil
+}
+
+// Nodes make up the strongDM network, and allow your users to connect securely to your resources. There are two types of nodes:
+// - **Gateways** are the entry points into network. They listen for connection from the strongDM client, and provide access to databases and servers.
+// - **Relays** are used to extend the strongDM network into segmented subnets. They provide access to databases and servers but do not listen for incoming connections.
 type Nodes struct {
 client plumbing.NodesClient
 parent *Client
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 210087f4..139e33ca 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -213,7 +213,7 @@ github.com/posener/complete/match
 # github.com/spf13/afero v1.2.2
 github.com/spf13/afero
 github.com/spf13/afero/mem
-# github.com/strongdm/strongdm-sdk-go v0.9.18
+# github.com/strongdm/strongdm-sdk-go v0.9.19
 github.com/strongdm/strongdm-sdk-go
 github.com/strongdm/strongdm-sdk-go/internal/v1
 # github.com/ulikunitz/xz v0.5.5