store

package
v0.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 9, 2023 License: MPL-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var File_controller_storage_auth_ldap_store_v1_ldap_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Account

// Account represents an account associated with an LDAP auth method.
type Account struct {

	// public_id is the PK and is the external public identifier of the account.
	// @inject_tag: `gorm:"primary_key"`
	PublicId string `protobuf:"bytes,10,opt,name=public_id,json=publicId,proto3" json:"public_id,omitempty" gorm:"primary_key"`
	// create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,20,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// update_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	UpdateTime *timestamp.Timestamp `protobuf:"bytes,30,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"`
	// auth_method_id is the FK to the Account's LDAP auth method.
	// @inject_tag: `gorm:"not_null"`
	AuthMethodId string `protobuf:"bytes,40,opt,name=auth_method_id,json=authMethodId,proto3" json:"auth_method_id,omitempty" gorm:"not_null"`
	// name is optional. If set, it must be unique within scope_id.
	// @inject_tag: `gorm:"default:null"`
	Name string `protobuf:"bytes,50,opt,name=name,proto3" json:"name,omitempty" gorm:"default:null"`
	// description is optional.
	// @inject_tag: `gorm:"default:null"`
	Description string `protobuf:"bytes,60,opt,name=description,proto3" json:"description,omitempty" gorm:"default:null"`
	// The scope_id of the owning scope. Must be set. The scope_id column is not
	// included here as it is used only to ensure data integrity in the database
	// between iam users and auth methods.
	// NOTE(review): the field is present in this message even though the
	// comment says the column is "not included here" - confirm which statement
	// is current.
	// @inject_tag: `gorm:"not_null"`
	ScopeId string `protobuf:"bytes,70,opt,name=scope_id,json=scopeId,proto3" json:"scope_id,omitempty" gorm:"not_null"`
	// version is undocumented upstream.
	// NOTE(review): presumably a row version used for optimistic locking on
	// update - confirm against the repository code.
	// @inject_tag: `gorm:"default:null"`
	Version uint32 `protobuf:"varint,80,opt,name=version,proto3" json:"version,omitempty" gorm:"default:null"`
	// login_name of the authenticated user. This is the login_name (or username)
	// entered by the user when authenticating (typically the uid or cn
	// attribute). Account login names must be lower case.
	// The value originates from the authenticating user, so it is untrusted
	// input wherever it is later placed into an LDAP filter or DN.
	// @inject_tag: `gorm:"not_null"`
	LoginName string `protobuf:"bytes,90,opt,name=login_name,json=loginName,proto3" json:"login_name,omitempty" gorm:"not_null"`
	// full_name is a string that maps to the name attribute for the authenticated
	// user. This attribute is updated every time a user successfully
	// authenticates.
	// @inject_tag: `gorm:"default:null"`
	FullName string `protobuf:"bytes,100,opt,name=full_name,json=fullName,proto3" json:"full_name,omitempty" gorm:"default:null"`
	// email is a string that maps to the email address attribute for the
	// authenticated user. This attribute is updated every time a user
	// successfully authenticates.
	// @inject_tag: `gorm:"default:null"`
	Email string `protobuf:"bytes,110,opt,name=email,proto3" json:"email,omitempty" gorm:"default:null"`
	// dn is the distinguished name of the authenticated user's entry. Will be
	// null until the user's first successful authentication. This attribute is
	// updated every time a user successfully authenticates.
	// @inject_tag: `gorm:"default:null"`
	Dn string `protobuf:"bytes,120,opt,name=dn,proto3" json:"dn,omitempty" gorm:"default:null"`
	// member_of_groups are the JSON-marshalled groups the authenticated user is a
	// member of. Will be null until the user's first successful authentication.
	// This attribute is updated every time a user successfully authenticates.
	// The stored value is therefore a snapshot taken at the last successful
	// login, not a live view of directory membership.
	// @inject_tag: `gorm:"default:null"`
	MemberOfGroups string `` /* 127-byte string literal not displayed */
	// contains filtered or unexported fields
}

Account represents an account associated with an LDAP auth method.

func (*Account) Descriptor deprecated

func (*Account) Descriptor() ([]byte, []int)

Deprecated: Use Account.ProtoReflect.Descriptor instead.

func (*Account) GetAuthMethodId

func (x *Account) GetAuthMethodId() string

func (*Account) GetCreateTime

func (x *Account) GetCreateTime() *timestamp.Timestamp

func (*Account) GetDescription

func (x *Account) GetDescription() string

func (*Account) GetDn

func (x *Account) GetDn() string

func (*Account) GetEmail

func (x *Account) GetEmail() string

func (*Account) GetFullName

func (x *Account) GetFullName() string

func (*Account) GetLoginName

func (x *Account) GetLoginName() string

func (*Account) GetMemberOfGroups

func (x *Account) GetMemberOfGroups() string

func (*Account) GetName

func (x *Account) GetName() string

func (*Account) GetPublicId

func (x *Account) GetPublicId() string

func (*Account) GetScopeId

func (x *Account) GetScopeId() string

func (*Account) GetUpdateTime

func (x *Account) GetUpdateTime() *timestamp.Timestamp

func (*Account) GetVersion

func (x *Account) GetVersion() uint32

func (*Account) ProtoMessage

func (*Account) ProtoMessage()

func (*Account) ProtoReflect

func (x *Account) ProtoReflect() protoreflect.Message

func (*Account) Reset

func (x *Account) Reset()

func (*Account) String

func (x *Account) String() string

type AccountAttributeMap

// AccountAttributeMap is an optional from/to mapping between an attribute on
// the user's LDAP entry and a standard account attribute.
type AccountAttributeMap struct {

	// ldap_method_id is part of the primary key.
	// NOTE(review): presumably the FK to the owning LDAP auth method, as the
	// same-named field is documented in the sibling messages - confirm.
	// @inject_tag: `gorm:"primary_key"`
	LdapMethodId string `protobuf:"bytes,10,opt,name=ldap_method_id,json=ldapMethodId,proto3" json:"ldap_method_id,omitempty" gorm:"primary_key"`
	// from_attribute is the attribute from the user's entry that you need to map
	// to a standard account attribute.
	// @inject_tag: `gorm:"not_null"`
	FromAttribute string `protobuf:"bytes,20,opt,name=from_attribute,json=fromAttribute,proto3" json:"from_attribute,omitempty" gorm:"not_null"`
	// to_attribute is the standard account attribute to map the from_attribute
	// to. Valid values are: fullname, email.
	// Per the inject tag below it is stored in column to_attribute and is also
	// part of the primary key.
	// @inject_tag: `gorm:"column:to_attribute;primary_key"`
	ToAttribute string `` /* 134-byte string literal not displayed */
	// The create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,40,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// contains filtered or unexported fields
}

AccountAttributeMap entries are optional from/to account attribute maps.

func (*AccountAttributeMap) Descriptor deprecated

func (*AccountAttributeMap) Descriptor() ([]byte, []int)

Deprecated: Use AccountAttributeMap.ProtoReflect.Descriptor instead.

func (*AccountAttributeMap) GetCreateTime

func (x *AccountAttributeMap) GetCreateTime() *timestamp.Timestamp

func (*AccountAttributeMap) GetFromAttribute

func (x *AccountAttributeMap) GetFromAttribute() string

func (*AccountAttributeMap) GetLdapMethodId

func (x *AccountAttributeMap) GetLdapMethodId() string

func (*AccountAttributeMap) GetToAttribute

func (x *AccountAttributeMap) GetToAttribute() string

func (*AccountAttributeMap) ProtoMessage

func (*AccountAttributeMap) ProtoMessage()

func (*AccountAttributeMap) ProtoReflect

func (x *AccountAttributeMap) ProtoReflect() protoreflect.Message

func (*AccountAttributeMap) Reset

func (x *AccountAttributeMap) Reset()

func (*AccountAttributeMap) String

func (x *AccountAttributeMap) String() string

type AuthMethod

// AuthMethod represents an LDAP auth method. Several fields carry secrets in
// plain text (client_certificate_key, bind_password); see the per-field notes.
type AuthMethod struct {

	// public_id is the PK and is the external public identifier of the auth
	// method.
	// @inject_tag: `gorm:"primary_key"`
	PublicId string `protobuf:"bytes,10,opt,name=public_id,json=publicId,proto3" json:"public_id,omitempty" gorm:"primary_key"`
	// create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,20,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// update_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	UpdateTime *timestamp.Timestamp `protobuf:"bytes,30,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"`
	// name is optional. If set, it must be unique within scope_id.
	// @inject_tag: `gorm:"default:null"`
	Name string `protobuf:"bytes,40,opt,name=name,proto3" json:"name,omitempty" gorm:"default:null"`
	// description is optional.
	// @inject_tag: `gorm:"default:null"`
	Description string `protobuf:"bytes,50,opt,name=description,proto3" json:"description,omitempty" gorm:"default:null"`
	// The scope_id of the owning scope. Must be set.
	// @inject_tag: `gorm:"not_null"`
	ScopeId string `protobuf:"bytes,60,opt,name=scope_id,json=scopeId,proto3" json:"scope_id,omitempty" gorm:"not_null"`
	// version is undocumented upstream.
	// NOTE(review): presumably a row version used for optimistic locking on
	// update - confirm against the repository code.
	// @inject_tag: `gorm:"default:null"`
	Version uint32 `protobuf:"varint,70,opt,name=version,proto3" json:"version,omitempty" gorm:"default:null"`
	// operational_state is the current state of the auth_ldap_method (inactive,
	// active-private, or active-public). Per the inject tag below it is stored
	// in column state.
	// @inject_tag: `gorm:"column:state;not_null"`
	OperationalState string `` /* 139-byte string literal not displayed */
	// start_tls if true, issues a StartTLS command after establishing an
	// unencrypted connection. Defaults to false.
	// @inject_tag: `gorm:"not_null"`
	StartTls bool `protobuf:"varint,90,opt,name=start_tls,json=startTls,proto3" json:"start_tls,omitempty" gorm:"not_null"`
	// insecure_tls if true, skips LDAP server SSL certificate validation -
	// insecure and use with caution. Defaults to false.
	// With validation skipped the LDAP server's identity is not verified, so
	// bind credentials and directory data can be exposed to an active
	// man-in-the-middle. Prefer supplying trust anchors via certificates.
	// @inject_tag: `gorm:"not_null;default:false"`
	InsecureTls bool `` /* 127-byte string literal not displayed */
	// discover_dn if true, use anon bind to discover the bind DN of a user.
	// Defaults to false.
	// @inject_tag: `gorm:"not_null;default:false"`
	DiscoverDn bool `protobuf:"varint,110,opt,name=discover_dn,json=discoverDn,proto3" json:"discover_dn,omitempty" gorm:"not_null;default:false"`
	// anon_group_search if true, use anon bind when performing LDAP group
	// searches. Defaults to false.
	// @inject_tag: `gorm:"not_null;default:false"`
	AnonGroupSearch bool `` /* 141-byte string literal not displayed */
	// upn_domain is the userPrincipalDomain used to construct the UPN string for
	// the authenticating user. The constructed UPN will appear as
	// [username]@UPNDomain. Example: example.com, which will cause Boundary to
	// bind as username@example.com when authenticating the user.
	// @inject_tag: `gorm:"default:null"`
	UpnDomain string `protobuf:"bytes,130,opt,name=upn_domain,json=upnDomain,proto3" json:"upn_domain,omitempty" gorm:"default:null"`
	// urls are the LDAP URLs that specify the LDAP servers to connect to. There
	// must be at least one URL for each LDAP auth method. When attempting to
	// connect, the URLs are tried in the order specified. These are Value Objects
	// that will be stored as Url messages, and are operated on as a complete set
	// (not individually).
	// @inject_tag: `gorm:"-"`
	Urls []string `protobuf:"bytes,140,rep,name=urls,proto3" json:"urls,omitempty" gorm:"-"`
	// user_dn (optional) is the base DN under which to perform user search.
	// Example: ou=Users,dc=example,dc=com
	// @inject_tag: `gorm:"-"`
	UserDn string `protobuf:"bytes,150,opt,name=user_dn,json=userDn,proto3" json:"user_dn,omitempty" gorm:"-"`
	// user_attr (optional) is the attribute on user's entry matching the username
	// passed when authenticating. Examples: cn, uid
	// @inject_tag: `gorm:"-"`
	UserAttr string `protobuf:"bytes,160,opt,name=user_attr,json=userAttr,proto3" json:"user_attr,omitempty" gorm:"-"`
	// user_filter (optional) is a Go template used to construct an LDAP user
	// search filter. The template can access the following context variables:
	// [UserAttr, Username]. The default userfilter is
	// ({{.UserAttr}}={{.Username}}) or
	// (userPrincipalName={{.Username}}@UPNDomain) if the upndomain parameter is
	// set.
	// NOTE(review): Username is supplied by the authenticating user; confirm
	// that the code rendering this template escapes it for LDAP filter syntax
	// (RFC 4515) before the search is issued.
	// @inject_tag: `gorm:"-"`
	UserFilter string `protobuf:"bytes,170,opt,name=user_filter,json=userFilter,proto3" json:"user_filter,omitempty" gorm:"-"`
	// enable_groups if true, an authenticated user's groups will be found during
	// authentication. Defaults to false.
	// @inject_tag: `gorm:"not_null;default:false"`
	EnableGroups bool `` /* 130-byte string literal not displayed */
	// group_dn (optional) is the base DN under which to perform group search.
	// Example: ou=Groups,dc=example,dc=com
	//
	// Note: there is no default, so no base dn will be used for group searches if
	// it's not specified.
	// @inject_tag: `gorm:"-"`
	GroupDn string `protobuf:"bytes,180,opt,name=group_dn,json=groupDn,proto3" json:"group_dn,omitempty" gorm:"-"`
	// group_attr (optional) is the LDAP attribute to follow on objects returned
	// by GroupFilter in order to enumerate user group membership. Examples: for
	// GroupFilter queries returning group objects, use: cn. For queries returning
	// user objects, use: memberOf. The default is cn.
	// @inject_tag: `gorm:"-"`
	GroupAttr string `protobuf:"bytes,190,opt,name=group_attr,json=groupAttr,proto3" json:"group_attr,omitempty" gorm:"-"`
	// group_filter (optional) is a Go template used when constructing the group
	// membership query. The template can access the following context variables:
	// [UserDN, Username]. The default is
	// (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})),
	// which is compatible with several common directory schemas.
	// NOTE(review): as with user_filter, confirm that Username and UserDN are
	// escaped for LDAP filter syntax before the template output is used.
	// @inject_tag: `gorm:"-"`
	GroupFilter string `protobuf:"bytes,200,opt,name=group_filter,json=groupFilter,proto3" json:"group_filter,omitempty" gorm:"-"`
	// certificates are optional PEM encoded x509 certificates in ASN.1 DER form
	// that can be used as trust anchors when connecting to an LDAP provider.
	// These are Value Objects that will be stored as Certificate messages, and
	// are operated on as a complete set (not individually).
	// @inject_tag: `gorm:"-"`
	Certificates []string `protobuf:"bytes,210,rep,name=certificates,proto3" json:"certificates,omitempty" gorm:"-"`
	// client_certificate is the certificate in ASN.1 DER form encoded as PEM. It
	// must be set.
	// NOTE(review): "must be set" is carried over from the upstream comment;
	// presumably it applies only when a client certificate is configured -
	// confirm.
	// @inject_tag: `gorm:"-"`
	ClientCertificate string `protobuf:"bytes,220,opt,name=client_certificate,json=clientCertificate,proto3" json:"client_certificate,omitempty" gorm:"-"`
	// client_certificate_key (optional) is the plain-text of the certificate key
	// data in PKCS #8, ASN.1 DER form. We are not storing this plain-text key in
	// the database.
	// NOTE(review): this is private key material held in an ordinary message
	// field, so String() and marshalling of a populated message will
	// presumably include it - avoid logging such messages; confirm.
	// @inject_tag: `gorm:"-"`
	ClientCertificateKey []byte `` /* 134-byte string literal not displayed */
	// client_certificate_key_hmac is a sha256-hmac of the unencrypted
	// client_certificate_key that is returned from the API for read. It is
	// recalculated every time the raw client_certificate_key is updated in the
	// database.
	// @inject_tag: `gorm:"-"`
	ClientCertificateKeyHmac []byte `` /* 148-byte string literal not displayed */
	// bind_dn (optional) is the distinguished name of entry to bind when
	// performing user and group search. Example:
	// cn=vault,ou=Users,dc=example,dc=com
	// @inject_tag: `gorm:"-"`
	BindDn string `protobuf:"bytes,250,opt,name=bind_dn,json=bindDn,proto3" json:"bind_dn,omitempty" gorm:"-"`
	// bind_password (optional) is the password to use along with binddn when
	// performing user search. (This plaintext is not stored in the database)
	// NOTE(review): the plaintext lives in an ordinary message field, so
	// String() and marshalling of a populated message will presumably include
	// it - avoid logging such messages; confirm.
	// @inject_tag: `gorm:"-"`
	BindPassword string `protobuf:"bytes,260,opt,name=bind_password,json=bindPassword,proto3" json:"bind_password,omitempty" gorm:"-"`
	// bind_password_hmac is a sha256-hmac of the unencrypted bind_password that
	// is returned from the API for read. It is recalculated every time the raw
	// password is updated in the database.
	// @inject_tag: `gorm:"-"`
	BindPasswordHmac []byte `protobuf:"bytes,270,opt,name=bind_password_hmac,json=bindPasswordHmac,proto3" json:"bind_password_hmac,omitempty" gorm:"-"`
	// is_primary_auth_method is a read-only output field which indicates if the
	// auth method is set as the scope's primary auth method.
	// @inject_tag: `gorm:"-"`
	IsPrimaryAuthMethod bool `` /* 134-byte string literal not displayed */
	// use_token_groups if true, use the Active Directory tokenGroups constructed
	// attribute of the user to find the group memberships. This will find all
	// security groups including nested ones.
	// @inject_tag: `gorm:"not_null;default:false"`
	UseTokenGroups bool `` /* 138-byte string literal not displayed */
	// account_attribute_maps are optional attribute maps from custom attributes
	// to the standard attributes of fullname and email. These maps are
	// represented as key=value where the key equals the from_attribute and the
	// value equals the to_attribute. For example "preferredName=fullName". All
	// attribute names are case insensitive.
	// @inject_tag: `gorm:"-"`
	AccountAttributeMaps []string `` /* 134-byte string literal not displayed */
	// contains filtered or unexported fields
}

AuthMethod represents an LDAP auth method.

func (*AuthMethod) Descriptor deprecated

func (*AuthMethod) Descriptor() ([]byte, []int)

Deprecated: Use AuthMethod.ProtoReflect.Descriptor instead.

func (*AuthMethod) GetAccountAttributeMaps

func (x *AuthMethod) GetAccountAttributeMaps() []string

func (*AuthMethod) GetAnonGroupSearch

func (x *AuthMethod) GetAnonGroupSearch() bool

func (*AuthMethod) GetBindDn

func (x *AuthMethod) GetBindDn() string

func (*AuthMethod) GetBindPassword

func (x *AuthMethod) GetBindPassword() string

func (*AuthMethod) GetBindPasswordHmac

func (x *AuthMethod) GetBindPasswordHmac() []byte

func (*AuthMethod) GetCertificates

func (x *AuthMethod) GetCertificates() []string

func (*AuthMethod) GetClientCertificate

func (x *AuthMethod) GetClientCertificate() string

func (*AuthMethod) GetClientCertificateKey

func (x *AuthMethod) GetClientCertificateKey() []byte

func (*AuthMethod) GetClientCertificateKeyHmac

func (x *AuthMethod) GetClientCertificateKeyHmac() []byte

func (*AuthMethod) GetCreateTime

func (x *AuthMethod) GetCreateTime() *timestamp.Timestamp

func (*AuthMethod) GetDescription

func (x *AuthMethod) GetDescription() string

func (*AuthMethod) GetDiscoverDn

func (x *AuthMethod) GetDiscoverDn() bool

func (*AuthMethod) GetEnableGroups

func (x *AuthMethod) GetEnableGroups() bool

func (*AuthMethod) GetGroupAttr

func (x *AuthMethod) GetGroupAttr() string

func (*AuthMethod) GetGroupDn

func (x *AuthMethod) GetGroupDn() string

func (*AuthMethod) GetGroupFilter

func (x *AuthMethod) GetGroupFilter() string

func (*AuthMethod) GetInsecureTls

func (x *AuthMethod) GetInsecureTls() bool

func (*AuthMethod) GetIsPrimaryAuthMethod

func (x *AuthMethod) GetIsPrimaryAuthMethod() bool

func (*AuthMethod) GetName

func (x *AuthMethod) GetName() string

func (*AuthMethod) GetOperationalState

func (x *AuthMethod) GetOperationalState() string

func (*AuthMethod) GetPublicId

func (x *AuthMethod) GetPublicId() string

func (*AuthMethod) GetScopeId

func (x *AuthMethod) GetScopeId() string

func (*AuthMethod) GetStartTls

func (x *AuthMethod) GetStartTls() bool

func (*AuthMethod) GetUpdateTime

func (x *AuthMethod) GetUpdateTime() *timestamp.Timestamp

func (*AuthMethod) GetUpnDomain

func (x *AuthMethod) GetUpnDomain() string

func (*AuthMethod) GetUrls

func (x *AuthMethod) GetUrls() []string

func (*AuthMethod) GetUseTokenGroups

func (x *AuthMethod) GetUseTokenGroups() bool

func (*AuthMethod) GetUserAttr

func (x *AuthMethod) GetUserAttr() string

func (*AuthMethod) GetUserDn

func (x *AuthMethod) GetUserDn() string

func (*AuthMethod) GetUserFilter

func (x *AuthMethod) GetUserFilter() string

func (*AuthMethod) GetVersion

func (x *AuthMethod) GetVersion() uint32

func (*AuthMethod) ProtoMessage

func (*AuthMethod) ProtoMessage()

func (*AuthMethod) ProtoReflect

func (x *AuthMethod) ProtoReflect() protoreflect.Message

func (*AuthMethod) Reset

func (x *AuthMethod) Reset()

func (*AuthMethod) String

func (x *AuthMethod) String() string

type BindCredential

// BindCredential holds the optional DN and password Boundary binds with when
// searching for the user entry. The password is carried in plain text
// (Password), as ciphertext (CtPassword) and as an HMAC (PasswordHmac).
type BindCredential struct {

	// create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,10,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// ldap_method_id is the FK to the BindCredential's LDAP auth method.
	// @inject_tag: `gorm:"primary_key"`
	LdapMethodId string `protobuf:"bytes,20,opt,name=ldap_method_id,json=ldapMethodId,proto3" json:"ldap_method_id,omitempty" gorm:"primary_key"`
	// dn is the distinguished name of the entry to bind when performing
	// user and group search. Example: cn=vault,ou=Users,dc=example,dc=com
	// @inject_tag: `gorm:"not_null"`
	Dn string `protobuf:"bytes,30,opt,name=dn,proto3" json:"dn,omitempty" gorm:"not_null"`
	// password is the plain-text password to use along with dn. We are not
	// storing this plain-text password in the database (gorm:"-"); the
	// wrapping tag marks it as the plaintext side of password_data.
	// NOTE(review): String() and marshalling of a populated message will
	// presumably include this value - avoid logging such messages; confirm.
	// @inject_tag: `gorm:"-" wrapping:"pt,password_data"`
	Password []byte `protobuf:"bytes,40,opt,name=password,proto3" json:"password,omitempty" gorm:"-" wrapping:"pt,password_data"`
	// ct_password is the ciphertext of the password. It is stored in the
	// database; per the inject tag below the column is named password and the
	// wrapping tag marks it as the ciphertext side of password_data.
	// @inject_tag: `gorm:"column:password;not_null" wrapping:"ct,password_data"`
	CtPassword []byte `` /* 152-byte string literal not displayed */
	// password_hmac is a sha256-hmac of the unencrypted password that is returned
	// from the API for read. It is recalculated every time the raw password is
	// updated.
	// @inject_tag: `gorm:"not_null"`
	PasswordHmac []byte `protobuf:"bytes,60,opt,name=password_hmac,json=passwordHmac,proto3" json:"password_hmac,omitempty" gorm:"not_null"`
	// The key_id of the kms database key used for encrypting this entry.
	// It must be set.
	// @inject_tag: `gorm:"not_null"`
	KeyId string `protobuf:"bytes,70,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty" gorm:"not_null"`
	// contains filtered or unexported fields
}

BindCredential (optional) represents the parameters that allow Boundary to bind (i.e. authenticate) with the provided credentials when searching for the user entry used to authenticate the end user.

func (*BindCredential) Descriptor deprecated

func (*BindCredential) Descriptor() ([]byte, []int)

Deprecated: Use BindCredential.ProtoReflect.Descriptor instead.

func (*BindCredential) GetCreateTime

func (x *BindCredential) GetCreateTime() *timestamp.Timestamp

func (*BindCredential) GetCtPassword

func (x *BindCredential) GetCtPassword() []byte

func (*BindCredential) GetDn

func (x *BindCredential) GetDn() string

func (*BindCredential) GetKeyId

func (x *BindCredential) GetKeyId() string

func (*BindCredential) GetLdapMethodId

func (x *BindCredential) GetLdapMethodId() string

func (*BindCredential) GetPassword

func (x *BindCredential) GetPassword() []byte

func (*BindCredential) GetPasswordHmac

func (x *BindCredential) GetPasswordHmac() []byte

func (*BindCredential) ProtoMessage

func (*BindCredential) ProtoMessage()

func (*BindCredential) ProtoReflect

func (x *BindCredential) ProtoReflect() protoreflect.Message

func (*BindCredential) Reset

func (x *BindCredential) Reset()

func (*BindCredential) String

func (x *BindCredential) String() string

type Certificate

// Certificate is a single optional PEM encoded x509 certificate belonging to
// an LDAP auth method.
type Certificate struct {

	// create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,10,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// ldap_method_id is the FK to the Certificate's LDAP auth method.
	// @inject_tag: `gorm:"primary_key"`
	LdapMethodId string `protobuf:"bytes,20,opt,name=ldap_method_id,json=ldapMethodId,proto3" json:"ldap_method_id,omitempty" gorm:"primary_key"`
	// cert is a PEM encoded x509 certificate in ASN.1 DER form. It is stored in
	// column certificate and, together with ldap_method_id, forms the primary
	// key (see the gorm tag).
	// @inject_tag: `gorm:"column:certificate;primary_key"`
	Cert string `protobuf:"bytes,30,opt,name=cert,proto3" json:"cert,omitempty" gorm:"column:certificate;primary_key"`
	// contains filtered or unexported fields
}

Certificate entries are optional PEM encoded x509 certificates. Each entry is a single certificate. An ldap auth method may have 0 or more of these optional x509s. If an auth method has any cert entries, they are used as trust anchors when connecting to the auth method's ldap provider (instead of the host system's cert chain).

func (*Certificate) Descriptor deprecated

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetCert

func (x *Certificate) GetCert() string

func (*Certificate) GetCreateTime

func (x *Certificate) GetCreateTime() *timestamp.Timestamp

func (*Certificate) GetLdapMethodId

func (x *Certificate) GetLdapMethodId() string

func (*Certificate) ProtoMessage

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset

func (x *Certificate) Reset()

func (*Certificate) String

func (x *Certificate) String() string

type ClientCertificate

// ClientCertificate holds the optional mTLS client certificate and key used
// for LDAP connections. The key is carried in plain text (CertificateKey), as
// ciphertext (CtCertificateKey) and as an HMAC (CertificateKeyHmac).
type ClientCertificate struct {

	// create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,10,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// ldap_method_id is the FK to the ClientCertificate's LDAP auth method.
	// @inject_tag: `gorm:"primary_key"`
	LdapMethodId string `protobuf:"bytes,20,opt,name=ldap_method_id,json=ldapMethodId,proto3" json:"ldap_method_id,omitempty" gorm:"primary_key"`
	// certificate is the PEM encoded certificate in ASN.1 DER.
	// It must be set.
	// @inject_tag: `gorm:"not_null"`
	Certificate []byte `protobuf:"bytes,30,opt,name=certificate,proto3" json:"certificate,omitempty" gorm:"not_null"`
	// certificate_key is the plain-text of the certificate key data in PKCS #8,
	// ASN.1 DER form. We are not storing this plain-text key in the database;
	// the wrapping tag marks it as the plaintext side of certificate_key_data.
	// NOTE(review): this is private key material in an ordinary message field,
	// so String() and marshalling of a populated message will presumably
	// include it - avoid logging such messages; confirm.
	// @inject_tag: `gorm:"-" wrapping:"pt,certificate_key_data"`
	CertificateKey []byte `` /* 148-byte string literal not displayed */
	// ct_certificate_key is the ciphertext of the certificate key data. It
	// is stored in the database; per the inject tag below the column is named
	// certificate_key.
	// @inject_tag: `gorm:"column:certificate_key;not_null" wrapping:"ct,certificate_key_data"`
	CtCertificateKey []byte `` /* 186-byte string literal not displayed */
	// certificate_key_hmac is a sha256-hmac of the unencrypted certificate_key that
	// is returned from the API for read. It is recalculated every time the raw
	// certificate_key is updated.
	// @inject_tag: `gorm:"not_null"`
	CertificateKeyHmac []byte `` /* 134-byte string literal not displayed */
	// The key_id of the kms database key used for encrypting this entry.
	// It must be set.
	// @inject_tag: `gorm:"not_null"`
	KeyId string `protobuf:"bytes,70,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty" gorm:"not_null"`
	// contains filtered or unexported fields
}

ClientCertificate represents a set of optional configuration fields used for specifying an mTLS client cert for LDAP connections.

func (*ClientCertificate) Descriptor deprecated

func (*ClientCertificate) Descriptor() ([]byte, []int)

Deprecated: Use ClientCertificate.ProtoReflect.Descriptor instead.

func (*ClientCertificate) GetCertificate

func (x *ClientCertificate) GetCertificate() []byte

func (*ClientCertificate) GetCertificateKey

func (x *ClientCertificate) GetCertificateKey() []byte

func (*ClientCertificate) GetCertificateKeyHmac

func (x *ClientCertificate) GetCertificateKeyHmac() []byte

func (*ClientCertificate) GetCreateTime

func (x *ClientCertificate) GetCreateTime() *timestamp.Timestamp

func (*ClientCertificate) GetCtCertificateKey

func (x *ClientCertificate) GetCtCertificateKey() []byte

func (*ClientCertificate) GetKeyId

func (x *ClientCertificate) GetKeyId() string

func (*ClientCertificate) GetLdapMethodId

func (x *ClientCertificate) GetLdapMethodId() string

func (*ClientCertificate) ProtoMessage

func (*ClientCertificate) ProtoMessage()

func (*ClientCertificate) ProtoReflect

func (x *ClientCertificate) ProtoReflect() protoreflect.Message

func (*ClientCertificate) Reset

func (x *ClientCertificate) Reset()

func (*ClientCertificate) String

func (x *ClientCertificate) String() string

type GroupEntrySearchConf

// GroupEntrySearchConf is the set of optional configuration fields used to
// search for group entries.
type GroupEntrySearchConf struct {

	// create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,10,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// ldap_method_id is the FK to the GroupEntrySearchConf's LDAP auth method.
	// @inject_tag: `gorm:"primary_key"`
	LdapMethodId string `protobuf:"bytes,20,opt,name=ldap_method_id,json=ldapMethodId,proto3" json:"ldap_method_id,omitempty" gorm:"primary_key"`
	// group_dn is the base DN under which to perform group search. Example:
	// ou=Groups,dc=example,dc=com
	// @inject_tag: `gorm:"default:null"`
	GroupDn string `protobuf:"bytes,30,opt,name=group_dn,json=groupDn,proto3" json:"group_dn,omitempty" gorm:"default:null"`
	// group_attr is the LDAP attribute to follow on objects returned by
	// GroupFilter in order to enumerate user group membership. Examples: for
	// GroupFilter queries returning group objects, use: cn. For queries returning
	// user objects, use: memberOf. The default is cn.
	// @inject_tag: `gorm:"default:null"`
	GroupAttr string `protobuf:"bytes,40,opt,name=group_attr,json=groupAttr,proto3" json:"group_attr,omitempty" gorm:"default:null"`
	// group_filter is a Go template used when constructing the group membership
	// query. The template can access the following context variables: [UserDN,
	// Username]. The default is
	// (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})),
	// which is compatible with several common directory schemas.
	// NOTE(review): confirm that Username and UserDN are escaped for LDAP
	// filter syntax (RFC 4515) before the rendered filter is used.
	// @inject_tag: `gorm:"default:null"`
	GroupFilter string `protobuf:"bytes,50,opt,name=group_filter,json=groupFilter,proto3" json:"group_filter,omitempty" gorm:"default:null"`
	// contains filtered or unexported fields
}

GroupEntrySearchConf represents a set of optional configuration fields used to search for group entries.

func (*GroupEntrySearchConf) Descriptor deprecated

func (*GroupEntrySearchConf) Descriptor() ([]byte, []int)

Deprecated: Use GroupEntrySearchConf.ProtoReflect.Descriptor instead.

func (*GroupEntrySearchConf) GetCreateTime

func (x *GroupEntrySearchConf) GetCreateTime() *timestamp.Timestamp

func (*GroupEntrySearchConf) GetGroupAttr

func (x *GroupEntrySearchConf) GetGroupAttr() string

func (*GroupEntrySearchConf) GetGroupDn

func (x *GroupEntrySearchConf) GetGroupDn() string

func (*GroupEntrySearchConf) GetGroupFilter

func (x *GroupEntrySearchConf) GetGroupFilter() string

func (*GroupEntrySearchConf) GetLdapMethodId

func (x *GroupEntrySearchConf) GetLdapMethodId() string

func (*GroupEntrySearchConf) ProtoMessage

func (*GroupEntrySearchConf) ProtoMessage()

func (*GroupEntrySearchConf) ProtoReflect

func (x *GroupEntrySearchConf) ProtoReflect() protoreflect.Message

func (*GroupEntrySearchConf) Reset

func (x *GroupEntrySearchConf) Reset()

func (*GroupEntrySearchConf) String

func (x *GroupEntrySearchConf) String() string

type ManagedGroup

type ManagedGroup struct {

	// public_id is the primary key of the managed group (see the gorm tag).
	// @inject_tag: `gorm:"primary_key"`
	PublicId string `protobuf:"bytes,10,opt,name=public_id,json=publicId,proto3" json:"public_id,omitempty" gorm:"primary_key"`
	// The create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,20,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// The update_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	UpdateTime *timestamp.Timestamp `protobuf:"bytes,30,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"`
	// name is optional. If set, it must be unique within auth_method_id.
	// @inject_tag: `gorm:"default:null"`
	Name string `protobuf:"bytes,40,opt,name=name,proto3" json:"name,omitempty" gorm:"default:null"`
	// description is optional.
	// @inject_tag: `gorm:"default:null"`
	Description string `protobuf:"bytes,50,opt,name=description,proto3" json:"description,omitempty" gorm:"default:null"`
	// version has no description in the source.
	// NOTE(review): presumably a row version used for optimistic locking on
	// updates; confirm against the repository code.
	// @inject_tag: `gorm:"default:null"`
	Version uint32 `protobuf:"varint,60,opt,name=version,proto3" json:"version,omitempty" gorm:"default:null"`
	// auth_method_id is the fk to the account's auth method.
	// NOTE(review): "account's" looks carried over from the Account message;
	// presumably this is the managed group's LDAP auth method. Confirm.
	// @inject_tag: `gorm:"not_null"`
	AuthMethodId string `protobuf:"bytes,70,opt,name=auth_method_id,json=authMethodId,proto3" json:"auth_method_id,omitempty" gorm:"not_null"`
	// group_names is a JSON-marshalled list of the groups that make up the
	// ManagedGroup. It is held as a single string, so readers must unmarshal
	// it before comparing individual group names.
	// @inject_tag: `gorm:"not_null"`
	GroupNames string `protobuf:"bytes,80,opt,name=group_names,json=groupNames,proto3" json:"group_names,omitempty" gorm:"not_null"`
	// contains filtered or unexported fields
}

ManagedGroup entries provide an LDAP auth method implementation of managed groups.

func (*ManagedGroup) Descriptor deprecated

func (*ManagedGroup) Descriptor() ([]byte, []int)

Deprecated: Use ManagedGroup.ProtoReflect.Descriptor instead.

func (*ManagedGroup) GetAuthMethodId

func (x *ManagedGroup) GetAuthMethodId() string

func (*ManagedGroup) GetCreateTime

func (x *ManagedGroup) GetCreateTime() *timestamp.Timestamp

func (*ManagedGroup) GetDescription

func (x *ManagedGroup) GetDescription() string

func (*ManagedGroup) GetGroupNames

func (x *ManagedGroup) GetGroupNames() string

func (*ManagedGroup) GetName

func (x *ManagedGroup) GetName() string

func (*ManagedGroup) GetPublicId

func (x *ManagedGroup) GetPublicId() string

func (*ManagedGroup) GetUpdateTime

func (x *ManagedGroup) GetUpdateTime() *timestamp.Timestamp

func (*ManagedGroup) GetVersion

func (x *ManagedGroup) GetVersion() uint32

func (*ManagedGroup) ProtoMessage

func (*ManagedGroup) ProtoMessage()

func (*ManagedGroup) ProtoReflect

func (x *ManagedGroup) ProtoReflect() protoreflect.Message

func (*ManagedGroup) Reset

func (x *ManagedGroup) Reset()

func (*ManagedGroup) String

func (x *ManagedGroup) String() string

type ManagedGroupMemberAccount

type ManagedGroupMemberAccount struct {

	// The create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,10,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// managed_group_id is the fk to the oidc managed group public id
	// NOTE(review): "oidc" looks copied from the OIDC store; this message lives
	// in the LDAP store package, so presumably the LDAP managed group is meant.
	// Confirm against the schema.
	// @inject_tag: `gorm:"primary_key"`
	ManagedGroupId string `protobuf:"bytes,20,opt,name=managed_group_id,json=managedGroupId,proto3" json:"managed_group_id,omitempty" gorm:"primary_key"`
	// member_id is the fk to the oidc account public id
	// NOTE(review): same "oidc" wording as above; presumably the LDAP account
	// public id. Together with managed_group_id it is tagged as primary key.
	// @inject_tag: `gorm:"primary_key"`
	MemberId string `protobuf:"bytes,30,opt,name=member_id,json=memberId,proto3" json:"member_id,omitempty" gorm:"primary_key"`
	// contains filtered or unexported fields
}

ManagedGroupMemberAccount contains a mapping between a managed group and a member account.

func (*ManagedGroupMemberAccount) Descriptor deprecated

func (*ManagedGroupMemberAccount) Descriptor() ([]byte, []int)

Deprecated: Use ManagedGroupMemberAccount.ProtoReflect.Descriptor instead.

func (*ManagedGroupMemberAccount) GetCreateTime

func (x *ManagedGroupMemberAccount) GetCreateTime() *timestamp.Timestamp

func (*ManagedGroupMemberAccount) GetManagedGroupId

func (x *ManagedGroupMemberAccount) GetManagedGroupId() string

func (*ManagedGroupMemberAccount) GetMemberId

func (x *ManagedGroupMemberAccount) GetMemberId() string

func (*ManagedGroupMemberAccount) ProtoMessage

func (*ManagedGroupMemberAccount) ProtoMessage()

func (*ManagedGroupMemberAccount) ProtoReflect

func (*ManagedGroupMemberAccount) Reset

func (x *ManagedGroupMemberAccount) Reset()

func (*ManagedGroupMemberAccount) String

func (x *ManagedGroupMemberAccount) String() string

type Url

type Url struct {

	// create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,10,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// ldap_method_id is the FK to the URL's LDAP auth method.
	// @inject_tag: `gorm:"primary_key"`
	LdapMethodId string `protobuf:"bytes,20,opt,name=ldap_method_id,json=ldapMethodId,proto3" json:"ldap_method_id,omitempty" gorm:"primary_key"`
	// connection_priority represents the priority (aka order) of the url in the
	// list of ldap urls for the auth method.
	// @inject_tag: `gorm:"primary_key"`
	ConnectionPriority uint32 `` /* 136-byte string literal not displayed */
	// server_url is the LDAP server URL. The URL scheme must be either ldap or ldaps.
	// The port is optional. If no port is specified, then a default of 389 is used
	// for ldap and a default of 689 is used for ldaps. (see rfc4516 for more
	// information about LDAP URLs)
	// NOTE(review): the IANA-registered LDAPS port is 636, so 689 above looks
	// like a typo; confirm against the code that applies the default port.
	// NOTE(review): with the ldap scheme the bind travels in cleartext unless
	// the connection is upgraded with StartTLS; where that is configured is not
	// visible in this message.
	// @inject_tag: `gorm:"column:url;not_null"`
	ServerUrl string `protobuf:"bytes,40,opt,name=server_url,json=serverUrl,proto3" json:"server_url,omitempty" gorm:"column:url;not_null"`
	// contains filtered or unexported fields
}

Url represents LDAP URLs that specify LDAP servers to connect to. There must be at least one URL for each LDAP auth method.

func (*Url) Descriptor deprecated

func (*Url) Descriptor() ([]byte, []int)

Deprecated: Use Url.ProtoReflect.Descriptor instead.

func (*Url) GetConnectionPriority

func (x *Url) GetConnectionPriority() uint32

func (*Url) GetCreateTime

func (x *Url) GetCreateTime() *timestamp.Timestamp

func (*Url) GetLdapMethodId

func (x *Url) GetLdapMethodId() string

func (*Url) GetServerUrl

func (x *Url) GetServerUrl() string

func (*Url) ProtoMessage

func (*Url) ProtoMessage()

func (*Url) ProtoReflect

func (x *Url) ProtoReflect() protoreflect.Message

func (*Url) Reset

func (x *Url) Reset()

func (*Url) String

func (x *Url) String() string

type UserEntrySearchConf

type UserEntrySearchConf struct {

	// create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,10,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// ldap_method_id is the FK to the UserEntrySearchConf's LDAP auth method.
	// @inject_tag: `gorm:"primary_key"`
	LdapMethodId string `protobuf:"bytes,20,opt,name=ldap_method_id,json=ldapMethodId,proto3" json:"ldap_method_id,omitempty" gorm:"primary_key"`
	// user_dn is the base DN under which to perform user search. Example:
	// ou=Users,dc=example,dc=com
	// @inject_tag: `gorm:"default:null"`
	UserDn string `protobuf:"bytes,30,opt,name=user_dn,json=userDn,proto3" json:"user_dn,omitempty" gorm:"default:null"`
	// user_attr is the attribute on the user entry that is matched against the
	// username passed when authenticating.  Examples: cn, uid
	// @inject_tag: `gorm:"default:null"`
	UserAttr string `protobuf:"bytes,40,opt,name=user_attr,json=userAttr,proto3" json:"user_attr,omitempty" gorm:"default:null"`
	// user_filter is a go template used to construct a LDAP user search filter.
	// The template can access the following context variables: [UserAttr,
	// Username]. The default userfilter is ({{.UserAttr}}={{.Username}}) or
	// (userPrincipalName={{.Username}}@UPNDomain) if the upndomain parameter is
	// set.
	// NOTE(review): Username is the value supplied at authentication (see
	// user_attr). The code that renders this template is not shown here, so
	// confirm it escapes LDAP filter special characters (RFC 4515) before
	// substitution, for custom filters as well as the defaults.
	// @inject_tag: `gorm:"default:null"`
	UserFilter string `protobuf:"bytes,50,opt,name=user_filter,json=userFilter,proto3" json:"user_filter,omitempty" gorm:"default:null"`
	// contains filtered or unexported fields
}

UserEntrySearchConf represents a set of optional configuration fields used to search for user entries.

func (*UserEntrySearchConf) Descriptor deprecated

func (*UserEntrySearchConf) Descriptor() ([]byte, []int)

Deprecated: Use UserEntrySearchConf.ProtoReflect.Descriptor instead.

func (*UserEntrySearchConf) GetCreateTime

func (x *UserEntrySearchConf) GetCreateTime() *timestamp.Timestamp

func (*UserEntrySearchConf) GetLdapMethodId

func (x *UserEntrySearchConf) GetLdapMethodId() string

func (*UserEntrySearchConf) GetUserAttr

func (x *UserEntrySearchConf) GetUserAttr() string

func (*UserEntrySearchConf) GetUserDn

func (x *UserEntrySearchConf) GetUserDn() string

func (*UserEntrySearchConf) GetUserFilter

func (x *UserEntrySearchConf) GetUserFilter() string

func (*UserEntrySearchConf) ProtoMessage

func (*UserEntrySearchConf) ProtoMessage()

func (*UserEntrySearchConf) ProtoReflect

func (x *UserEntrySearchConf) ProtoReflect() protoreflect.Message

func (*UserEntrySearchConf) Reset

func (x *UserEntrySearchConf) Reset()

func (*UserEntrySearchConf) String

func (x *UserEntrySearchConf) String() string
