store

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 14, 2021 License: MPL-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var File_controller_storage_auth_oidc_store_v1_oidc_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Account 

type Account struct {

	// @inject_tag: `gorm:"primary_key"`
	PublicId string `protobuf:"bytes,10,opt,name=public_id,json=publicId,proto3" json:"public_id,omitempty" gorm:"primary_key"`
	// The create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,20,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// The update_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	UpdateTime *timestamp.Timestamp `protobuf:"bytes,30,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"`
	// name is optional. If set, it must be unique within scope_id.
	// @inject_tag: `gorm:"default:null"`
	Name string `protobuf:"bytes,40,opt,name=name,proto3" json:"name,omitempty" gorm:"default:null"`
	// description is optional.
	// @inject_tag: `gorm:"default:null"`
	Description string `protobuf:"bytes,50,opt,name=description,proto3" json:"description,omitempty" gorm:"default:null"`
	// @inject_tag: `gorm:"default:null"`
	Version uint32 `protobuf:"varint,60,opt,name=version,proto3" json:"version,omitempty" gorm:"default:null"`
	// auth_method_id is the fk to the account's auth method.
	// @inject_tag: `gorm:"not_null"`
	AuthMethodId string `protobuf:"bytes,70,opt,name=auth_method_id,json=authMethodId,proto3" json:"auth_method_id,omitempty" gorm:"not_null"`
	// issuer is a case sensitive URL that maps to the OIDC iss claim
	// @inject_tag: `gorm:"not_null"`
	Issuer string `protobuf:"bytes,80,opt,name=issuer,proto3" json:"issuer,omitempty" gorm:"not_null"`
	// subject is a case sensitive string that maps to the OIDC sub claim.
	// @inject_tag: `gorm:"not_null"`
	Subject string `protobuf:"bytes,90,opt,name=subject,proto3" json:"subject,omitempty" gorm:"not_null"`
	// full_name is a string that maps to the OIDC name claim
	// @inject_tag: `gorm:"default:null"`
	FullName string `protobuf:"bytes,100,opt,name=full_name,json=fullName,proto3" json:"full_name,omitempty" gorm:"default:null"`
	// email is a string that maps to the OIDC email claim.
	// @inject_tag: `gorm:"default:null"`
	Email string `protobuf:"bytes,110,opt,name=email,proto3" json:"email,omitempty" gorm:"default:null"`
	// contains filtered or unexported fields
}

Account represents an OIDC account the scope_id column is not included here as it is used only to ensure data integrity in the database between iam users and auth methods.

func (*Account) Descriptor deprecated 

func (*Account) Descriptor() ([]byte, []int)

Deprecated: Use Account.ProtoReflect.Descriptor instead.

func (*Account) GetAuthMethodId 

func (x *Account) GetAuthMethodId() string

func (*Account) GetCreateTime 

func (x *Account) GetCreateTime() *timestamp.Timestamp

func (*Account) GetDescription 

func (x *Account) GetDescription() string

func (*Account) GetEmail 

func (x *Account) GetEmail() string

func (*Account) GetFullName 

func (x *Account) GetFullName() string

func (*Account) GetIssuer 

func (x *Account) GetIssuer() string

func (*Account) GetName 

func (x *Account) GetName() string

func (*Account) GetPublicId 

func (x *Account) GetPublicId() string

func (*Account) GetSubject 

func (x *Account) GetSubject() string

func (*Account) GetUpdateTime 

func (x *Account) GetUpdateTime() *timestamp.Timestamp

func (*Account) GetVersion 

func (x *Account) GetVersion() uint32

func (*Account) ProtoMessage 

func (*Account) ProtoMessage()

func (*Account) ProtoReflect 

func (x *Account) ProtoReflect() protoreflect.Message

func (*Account) Reset 

func (x *Account) Reset()

func (*Account) String 

func (x *Account) String() string

type AudClaim 

type AudClaim struct {

	// @inject_tag: `gorm:"primary_key"`
	OidcMethodId string `protobuf:"bytes,10,opt,name=oidc_method_id,json=oidcMethodId,proto3" json:"oidc_method_id,omitempty" gorm:"primary_key"`
	// aud is an allowed audience claim for id_tokens
	// @inject_tag: `gorm:"primary_key;column:aud_claim""`
	Aud string `protobuf:"bytes,20,opt,name=aud,proto3" json:"aud,omitempty" gorm:"primary_key;column:aud_claim"`
	// The create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,30,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// contains filtered or unexported fields
}

AudClaim entries are the audience claims for a specific oidc auth method.

func (*AudClaim) Descriptor deprecated 

func (*AudClaim) Descriptor() ([]byte, []int)

Deprecated: Use AudClaim.ProtoReflect.Descriptor instead.

func (*AudClaim) GetAud 

func (x *AudClaim) GetAud() string

func (*AudClaim) GetCreateTime 

func (x *AudClaim) GetCreateTime() *timestamp.Timestamp

func (*AudClaim) GetOidcMethodId 

func (x *AudClaim) GetOidcMethodId() string

func (*AudClaim) ProtoMessage 

func (*AudClaim) ProtoMessage()

func (*AudClaim) ProtoReflect 

func (x *AudClaim) ProtoReflect() protoreflect.Message

func (*AudClaim) Reset 

func (x *AudClaim) Reset()

func (*AudClaim) String 

func (x *AudClaim) String() string

type AuthMethod 

type AuthMethod struct {

	// @inject_tag: `gorm:"primary_key"`
	PublicId string `protobuf:"bytes,10,opt,name=public_id,json=publicId,proto3" json:"public_id,omitempty" gorm:"primary_key"`
	// The create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,20,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// The update_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	UpdateTime *timestamp.Timestamp `protobuf:"bytes,30,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty" gorm:"default:current_timestamp"`
	// name is optional. If set, it must be unique within scope_id.
	// @inject_tag: `gorm:"default:null"`
	Name string `protobuf:"bytes,40,opt,name=name,proto3" json:"name,omitempty" gorm:"default:null"`
	// description is optional.
	// @inject_tag: `gorm:"default:null"`
	Description string `protobuf:"bytes,50,opt,name=description,proto3" json:"description,omitempty" gorm:"default:null"`
	// The scope_id of the owning scope. Must be set.
	// @inject_tag: `gorm:"not_null"`
	ScopeId string `protobuf:"bytes,60,opt,name=scope_id,json=scopeId,proto3" json:"scope_id,omitempty" gorm:"not_null"`
	// @inject_tag: `gorm:"default:null"`
	Version uint32 `protobuf:"varint,70,opt,name=version,proto3" json:"version,omitempty" gorm:"default:null"`
	// is_primary_auth_method is a read-only output field which indicates if the
	// auth method is set as the scope's primary auth method.
	// @inject_tag: `gorm:"-"`
	IsPrimaryAuthMethod bool `` /* 133-byte string literal not displayed */
	// operational_state is the current state of the auth_oidc_method (inactive,
	// active-private, or active-public).
	// @inject_tag: `gorm:"column:state;not_null"`
	OperationalState string `` /* 139-byte string literal not displayed */
	// disable_discovered_config_validation is a flag that when set to true
	// indicates the AuthMethod config was not validated against the IdP's
	// discovery info document when it was updated or its operational_state was
	// changed.
	// @inject_tag: `gorm:"not_null"`
	DisableDiscoveredConfigValidation bool `` /* 182-byte string literal not displayed */
	// issuer is the OIDC Discovery URL without any .well-known component
	// @inject_tag: `gorm:"default:null"`
	Issuer string `protobuf:"bytes,90,opt,name=issuer,proto3" json:"issuer,omitempty" gorm:"default:null"`
	// client_id is the OIDC client identifier
	// @inject_tag: `gorm:"not_null"`
	ClientId string `protobuf:"bytes,100,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty" gorm:"not_null"`
	// ct_client_secret is the encrypted OIDC client secret which is stored in the db.
	// @inject_tag: `gorm:"column:client_secret;not_null" wrapping:"ct,client_secret"`
	CtClientSecret []byte `` /* 172-byte string literal not displayed */
	// client_secret is the unencrypted OIDC client secret which is not stored in the database.
	// @inject_tag: `gorm:"-" wrapping:"pt,client_secret"`
	ClientSecret string `` /* 136-byte string literal not displayed */
	// client_secret_hmac is a sha256-hmac of the unencrypted client_secret that
	// is returned from the API for read.  It is recalculated everytime the raw
	// client_secret is updated.
	// @inject_tag: `gorm:"not_null"`
	ClientSecretHmac string `` /* 129-byte string literal not displayed */
	// key_id is the key ID that was used for the encryption operation. It can be
	// used to identify a specific version of the key needed to decrypt the value,
	// which is useful for caching purposes.
	// @inject_tag: `gorm:"not_null"`
	KeyId string `protobuf:"bytes,140,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty" gorm:"not_null"`
	// max_age is the allowed elapsed time in seconds since the last time the user
	// was actively authenticated by the OIDC provider. -1 indicates the user
	// should be re-authenticated immediately and would represent the zero value
	// for max age based on the oidc spec.
	// @inject_tag: `gorm:"default:null"`
	MaxAge int32 `protobuf:"varint,150,opt,name=max_age,json=maxAge,proto3" json:"max_age,omitempty" gorm:"default:null"`
	// api_url is the URLs prefix at which the boundary api is reachable. This value
	// is used by the auth method in the different steps of the auth flow.
	// @inject_tag: `gorm:"default:null"`
	ApiUrl string `protobuf:"bytes,160,opt,name=api_url,json=apiUrl,proto3" json:"api_url,omitempty" gorm:"default:null"`
	// signing_algs are the signing algorithms allowed for an oidc auth method.
	// These are Value Objects that will be stored as SigningAlg messages, and are
	// operated on as a complete set.
	// @inject_tag: `gorm:"-"`
	SigningAlgs []string `protobuf:"bytes,170,rep,name=signing_algs,json=signingAlgs,proto3" json:"signing_algs,omitempty" gorm:"-"`
	// aud_claims are the audience claims for a specific oidc auth method. These
	// are Value Objects that will be stored as AudClaim messages, and are
	// operatated on as a complete set.
	// @inject_tag: `gorm:"-"`
	AudClaims []string `protobuf:"bytes,180,rep,name=aud_claims,json=audClaims,proto3" json:"aud_claims,omitempty" gorm:"-"`
	// certificates are optional PEM encoded x509 certificates that can be
	// used as trust anchors when connecting to an OIDC provider. These are Value
	// Objects that will be stored as Certificate messages, and are operatated on
	// as a complete set.
	// @inject_tag: `gorm:"-"`
	Certificates []string `protobuf:"bytes,190,rep,name=certificates,proto3" json:"certificates,omitempty" gorm:"-"`
	// contains filtered or unexported fields
}

AuthMethod represents an OIDC auth method.

func (*AuthMethod) Descriptor deprecated 

func (*AuthMethod) Descriptor() ([]byte, []int)

Deprecated: Use AuthMethod.ProtoReflect.Descriptor instead.

func (*AuthMethod) GetApiUrl 

func (x *AuthMethod) GetApiUrl() string

func (*AuthMethod) GetAudClaims 

func (x *AuthMethod) GetAudClaims() []string

func (*AuthMethod) GetCertificates 

func (x *AuthMethod) GetCertificates() []string

func (*AuthMethod) GetClientId 

func (x *AuthMethod) GetClientId() string

func (*AuthMethod) GetClientSecret 

func (x *AuthMethod) GetClientSecret() string

func (*AuthMethod) GetClientSecretHmac 

func (x *AuthMethod) GetClientSecretHmac() string

func (*AuthMethod) GetCreateTime 

func (x *AuthMethod) GetCreateTime() *timestamp.Timestamp

func (*AuthMethod) GetCtClientSecret 

func (x *AuthMethod) GetCtClientSecret() []byte

func (*AuthMethod) GetDescription 

func (x *AuthMethod) GetDescription() string

func (*AuthMethod) GetDisableDiscoveredConfigValidation 

func (x *AuthMethod) GetDisableDiscoveredConfigValidation() bool

func (*AuthMethod) GetIsPrimaryAuthMethod 

func (x *AuthMethod) GetIsPrimaryAuthMethod() bool

func (*AuthMethod) GetIssuer 

func (x *AuthMethod) GetIssuer() string

func (*AuthMethod) GetKeyId 

func (x *AuthMethod) GetKeyId() string

func (*AuthMethod) GetMaxAge 

func (x *AuthMethod) GetMaxAge() int32

func (*AuthMethod) GetName 

func (x *AuthMethod) GetName() string

func (*AuthMethod) GetOperationalState 

func (x *AuthMethod) GetOperationalState() string

func (*AuthMethod) GetPublicId 

func (x *AuthMethod) GetPublicId() string

func (*AuthMethod) GetScopeId 

func (x *AuthMethod) GetScopeId() string

func (*AuthMethod) GetSigningAlgs 

func (x *AuthMethod) GetSigningAlgs() []string

func (*AuthMethod) GetUpdateTime 

func (x *AuthMethod) GetUpdateTime() *timestamp.Timestamp

func (*AuthMethod) GetVersion 

func (x *AuthMethod) GetVersion() uint32

func (*AuthMethod) ProtoMessage 

func (*AuthMethod) ProtoMessage()

func (*AuthMethod) ProtoReflect 

func (x *AuthMethod) ProtoReflect() protoreflect.Message

func (*AuthMethod) Reset 

func (x *AuthMethod) Reset()

func (*AuthMethod) String 

func (x *AuthMethod) String() string

type Certificate 

type Certificate struct {

	// @inject_tag: `gorm:"primary_key"`
	OidcMethodId string `protobuf:"bytes,10,opt,name=oidc_method_id,json=oidcMethodId,proto3" json:"oidc_method_id,omitempty" gorm:"primary_key"`
	// certificate is a PEM encoded x509
	// @inject_tag: `gorm:"column:certificate;primary_key"`
	Cert string `protobuf:"bytes,20,opt,name=cert,proto3" json:"cert,omitempty" gorm:"column:certificate;primary_key"`
	// The create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,30,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// contains filtered or unexported fields
}

Certificate entries are optional PEM encoded x509 certificates that can be used as trust anchors when connecting to an OIDC provider.

func (*Certificate) Descriptor deprecated 

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetCert 

func (x *Certificate) GetCert() string

func (*Certificate) GetCreateTime 

func (x *Certificate) GetCreateTime() *timestamp.Timestamp

func (*Certificate) GetOidcMethodId 

func (x *Certificate) GetOidcMethodId() string

func (*Certificate) ProtoMessage 

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect 

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset 

func (x *Certificate) Reset()

func (*Certificate) String 

func (x *Certificate) String() string

type SigningAlg 

type SigningAlg struct {

	// @inject_tag: `gorm:"primary_key"`
	OidcMethodId string `protobuf:"bytes,10,opt,name=oidc_method_id,json=oidcMethodId,proto3" json:"oidc_method_id,omitempty" gorm:"primary_key"`
	// alg is an enum from the auth_oidc_signing_alg_enm table
	// @inject_tag: `gorm:"primary_key;column:signing_alg_name"`
	Alg string `protobuf:"bytes,20,opt,name=alg,proto3" json:"alg,omitempty" gorm:"primary_key;column:signing_alg_name"`
	// The create_time is set by the database.
	// @inject_tag: `gorm:"default:current_timestamp"`
	CreateTime *timestamp.Timestamp `protobuf:"bytes,30,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// contains filtered or unexported fields
}

SigningAlg entries are the signing algorithms allowed for an oidc auth method.

func (*SigningAlg) Descriptor deprecated 

func (*SigningAlg) Descriptor() ([]byte, []int)

Deprecated: Use SigningAlg.ProtoReflect.Descriptor instead.

func (*SigningAlg) GetAlg 

func (x *SigningAlg) GetAlg() string

func (*SigningAlg) GetCreateTime 

func (x *SigningAlg) GetCreateTime() *timestamp.Timestamp

func (*SigningAlg) GetOidcMethodId 

func (x *SigningAlg) GetOidcMethodId() string

func (*SigningAlg) ProtoMessage 

func (*SigningAlg) ProtoMessage()

func (*SigningAlg) ProtoReflect 

func (x *SigningAlg) ProtoReflect() protoreflect.Message

func (*SigningAlg) Reset 

func (x *SigningAlg) Reset()

func (*SigningAlg) String 

func (x *SigningAlg) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.