diff --git a/CHANGELOG.md b/CHANGELOG.md index 2bfd078592..777b5624b8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ Canonical reference for changes, improvements, and bugfixes for Boundary. ### Deprecations/Changes +* Targets: Rename Application credentials to Brokered credentials + ([PR](https://github.com/hashicorp/boundary/pull/2260)). * Host plugins: Plugin-type host catalogs/sets/hosts now use typed prefixes for any newly-created resources. Existing resources will not be affected. ([PR](https://github.com/hashicorp/boundary/pull/2256)) @@ -18,7 +20,7 @@ Canonical reference for changes, improvements, and bugfixes for Boundary. ### New and Improved * `azure` host plugin: Support multiple MSI identities - ([PR](https://github.com/hashicorp/go-kms-wrapping/pull/97) + ([PR](https://github.com/hashicorp/go-kms-wrapping/pull/97)) ### Bug Fixes @@ -29,7 +31,7 @@ Canonical reference for changes, improvements, and bugfixes for Boundary. could result in sessions never moving from `canceling` state to terminated. ([PR](https://github.com/hashicorp/boundary/pull/2229)) * The plugin execution_dir configuration parameter is now respected by kms plugins too - [PR](https://github.com/hashicorp/boundary/pull/2239). + ([PR](https://github.com/hashicorp/boundary/pull/2239)). ### Deprecations/Changes @@ -57,31 +59,31 @@ Canonical reference for changes, improvements, and bugfixes for Boundary. credentials of type `username_password`. These credentials can act as credential sources for targets, similar to credential libraries from the `vault` credential store, and thus can be brokered to users at session - authorization time. [PR](https://github.com/hashicorp/boundary/pull/2174) + authorization time. ([PR](https://github.com/hashicorp/boundary/pull/2174)) * `boundary connect` Credential Brokering Integration: we have extended integration into the `boundary connect` helpers. A new `sshpass` style has been added to the `ssh` helper, when used, if the credential contains a username/password and `sshpass` is installed, the command will automatically pass the credentials to the `ssh` process. Additionally, the default `ssh` helper will now use the `username` of the brokered credential. - [PR](https://github.com/hashicorp/boundary/pull/2191). + ([PR](https://github.com/hashicorp/boundary/pull/2191)). * controller: Improve response time for listing sessions. This also creates a new periodic job that will delete terminated sessions after 1 hour. See Deprecations/Changes for some additional details. - [PR](https://github.com/hashicorp/boundary/pull/2160). + ([PR](https://github.com/hashicorp/boundary/pull/2160)). * event filtering: Change event filters to use lowercase and snake case for data elements like the rest of Boundary filters do. * ui: Use include_terminated flag for listing sessions. - [PR](https://github.com/hashicorp/boundary-ui/pull/1126). + ([PR](https://github.com/hashicorp/boundary-ui/pull/1126)). * ui: Add Quick Setup onboarding guide. - [PR](https://github.com/hashicorp/boundary-ui/pull/1140). + ([PR](https://github.com/hashicorp/boundary-ui/pull/1140)). ### Bug Fixes * The plugin execution_dir configuration parameter is now respected. - [PR](https://github.com/hashicorp/boundary/pull/2183). + ([PR](https://github.com/hashicorp/boundary/pull/2183)). * ui: Fix Users page not updating fields correctly. - [PR](https://github.com/hashicorp/boundary-ui/pull/1105). + ([PR](https://github.com/hashicorp/boundary-ui/pull/1105)). ### Deprecations/Changes @@ -97,7 +99,7 @@ Canonical reference for changes, improvements, and bugfixes for Boundary. to no longer include sessions in a terminated state and introduces a new query parameter/cli flag to include the terminated sessions. This also removes the connection information from the list response. - [PR](https://github.com/hashicorp/boundary/pull/2160). + ([PR](https://github.com/hashicorp/boundary/pull/2160)). * Anonymous user permissions: In order to reduce the risk of accidental and unintended granting of permissions to anonymous users, the permissions system now only allows certain actions on certain resources to be assigned to the @@ -124,10 +126,10 @@ Canonical reference for changes, improvements, and bugfixes for Boundary. * metrics: Provide metrics for controllers and workers * controller: Add health endpoint ([PR](https://github.com/hashicorp/boundary/pull/1882)) * controller: Improve response time for listing sessions and targets. - [PR](https://github.com/hashicorp/boundary/pull/2049) + ([PR](https://github.com/hashicorp/boundary/pull/2049)) * ui: Add support for worker filters in targets * ui: Add manual refresh button in sessions list -* Audit events are no longer a WIP ([PR](https://github.com/hashicorp/boundary/pull/2031). +* Audit events are no longer a WIP ([PR](https://github.com/hashicorp/boundary/pull/2031)). ### Bug Fixes @@ -140,7 +142,7 @@ Canonical reference for changes, improvements, and bugfixes for Boundary. [PR](https://github.com/hashicorp/boundary/pull/1976)) * controller: Fix for retrieving sessions that could result in incomplete results when there is a large number (10k+) of sessions. - [PR](https://github.com/hashicorp/boundary/pull/2049) + ([PR](https://github.com/hashicorp/boundary/pull/2049)) * session: update session state trigger to prevent transitions to invalid states ([Issue](https://github.com/hashicorp/boundary/issues/2040), [PR](https://github.com/hashicorp/boundary/pull/2046)) @@ -334,7 +336,7 @@ isolate transactions and prevent resource contention that caused deadlocks. validating even though it is correctly handled within the ACL code. ([PR](https://github.com/hashicorp/boundary/pull/1474)) * targets: Fix panic when using `boundary targets authorize-session` - ([issue](https://github.com/hashicorp/boundary/issues/1488), + ([Issue](https://github.com/hashicorp/boundary/issues/1488), [PR](https://github.com/hashicorp/boundary/pull/1496)) ## 0.5.1 (2021/08/16) @@ -453,7 +455,7 @@ isolate transactions and prevent resource contention that caused deadlocks. * config: Fix error when populating all `kms` purposes in separate blocks (as well as the error message) - ([issue](https://github.com/hashicorp/boundary/issues/1305), + ([Issue](https://github.com/hashicorp/boundary/issues/1305), [PR](https://github.com/hashicorp/boundary/pull/1384)) * server: Fix panic on worker startup failure when the server was not also configured as a controller @@ -504,7 +506,7 @@ Boundary) but it's worth repeating. * scheduler: removes a Postgres check constraint, on the length of the controller name, causing an error when the scheduler attempts to run jobs - ([issue](https://github.com/hashicorp/boundary/issues/1309), + ([Issue](https://github.com/hashicorp/boundary/issues/1309), [PR](https://github.com/hashicorp/boundary/pull/1310)). * Docker: update entrypoint script to handle more Boundary subcommands for better UX @@ -574,7 +576,7 @@ Boundary) but it's worth repeating. * oidc: If provider returns an `aud` claim as a `string` or `[]string`, Boundary will properly parse the claims JSON. - ([issue](https://github.com/hashicorp/cap/issues/37), + ([Issue](https://github.com/hashicorp/cap/issues/37), [PR](https://github.com/hashicorp/boundary/pull/1231)) * sessions: Clean up connections that are dangling after a worker dies (is restarted, powered off, etc.) This fixes some cases where a session never goes diff --git a/api/targets/option.gen.go b/api/targets/option.gen.go index 225b52e994..4fa3fc5bf1 100644 --- a/api/targets/option.gen.go +++ b/api/targets/option.gen.go @@ -111,6 +111,18 @@ func DefaultAttributes() Option { } } +func WithBrokeredCredentialSourceIds(inBrokeredCredentialSourceIds []string) Option { + return func(o *options) { + o.postMap["brokered_credential_source_ids"] = inBrokeredCredentialSourceIds + } +} + +func DefaultBrokeredCredentialSourceIds() Option { + return func(o *options) { + o.postMap["brokered_credential_source_ids"] = nil + } +} + func WithTcpTargetDefaultPort(inDefaultPort uint32) Option { return func(o *options) { raw, ok := o.postMap["attributes"] @@ -147,21 +159,21 @@ func DefaultDescription() Option { } } -func WithEgressCredentialSourceIds(inEgressCredentialSourceIds []string) Option { +func WithHostId(inHostId string) Option { return func(o *options) { - o.postMap["egress_credential_source_ids"] = inEgressCredentialSourceIds + o.postMap["host_id"] = inHostId } } -func DefaultEgressCredentialSourceIds() Option { +func WithInjectedApplicationCredentialSourceIds(inInjectedApplicationCredentialSourceIds []string) Option { return func(o *options) { - o.postMap["egress_credential_source_ids"] = nil + o.postMap["injected_application_credential_source_ids"] = inInjectedApplicationCredentialSourceIds } } -func WithHostId(inHostId string) Option { +func DefaultInjectedApplicationCredentialSourceIds() Option { return func(o *options) { - o.postMap["host_id"] = inHostId + o.postMap["injected_application_credential_source_ids"] = nil } } diff --git a/api/targets/target.gen.go b/api/targets/target.gen.go index d930d7798e..d427beb500 100644 --- a/api/targets/target.gen.go +++ b/api/targets/target.gen.go @@ -13,28 +13,30 @@ import ( ) type Target struct { - Id string `json:"id,omitempty"` - ScopeId string `json:"scope_id,omitempty"` - Scope *scopes.ScopeInfo `json:"scope,omitempty"` - Name string `json:"name,omitempty"` - Description string `json:"description,omitempty"` - CreatedTime time.Time `json:"created_time,omitempty"` - UpdatedTime time.Time `json:"updated_time,omitempty"` - Version uint32 `json:"version,omitempty"` - Type string `json:"type,omitempty"` - HostSetIds []string `json:"host_set_ids,omitempty"` - HostSets []*HostSet `json:"host_sets,omitempty"` - HostSourceIds []string `json:"host_source_ids,omitempty"` - HostSources []*HostSource `json:"host_sources,omitempty"` - SessionMaxSeconds uint32 `json:"session_max_seconds,omitempty"` - SessionConnectionLimit int32 `json:"session_connection_limit,omitempty"` - WorkerFilter string `json:"worker_filter,omitempty"` - ApplicationCredentialSourceIds []string `json:"application_credential_source_ids,omitempty"` - ApplicationCredentialSources []*CredentialSource `json:"application_credential_sources,omitempty"` - EgressCredentialSourceIds []string `json:"egress_credential_source_ids,omitempty"` - EgressCredentialSources []*CredentialSource `json:"egress_credential_sources,omitempty"` - Attributes map[string]interface{} `json:"attributes,omitempty"` - AuthorizedActions []string `json:"authorized_actions,omitempty"` + Id string `json:"id,omitempty"` + ScopeId string `json:"scope_id,omitempty"` + Scope *scopes.ScopeInfo `json:"scope,omitempty"` + Name string `json:"name,omitempty"` + Description string `json:"description,omitempty"` + CreatedTime time.Time `json:"created_time,omitempty"` + UpdatedTime time.Time `json:"updated_time,omitempty"` + Version uint32 `json:"version,omitempty"` + Type string `json:"type,omitempty"` + HostSetIds []string `json:"host_set_ids,omitempty"` + HostSets []*HostSet `json:"host_sets,omitempty"` + HostSourceIds []string `json:"host_source_ids,omitempty"` + HostSources []*HostSource `json:"host_sources,omitempty"` + SessionMaxSeconds uint32 `json:"session_max_seconds,omitempty"` + SessionConnectionLimit int32 `json:"session_connection_limit,omitempty"` + WorkerFilter string `json:"worker_filter,omitempty"` + ApplicationCredentialSourceIds []string `json:"application_credential_source_ids,omitempty"` + ApplicationCredentialSources []*CredentialSource `json:"application_credential_sources,omitempty"` + BrokeredCredentialSourceIds []string `json:"brokered_credential_source_ids,omitempty"` + BrokeredCredentialSources []*CredentialSource `json:"brokered_credential_sources,omitempty"` + InjectedApplicationCredentialSourceIds []string `json:"injected_application_credential_source_ids,omitempty"` + InjectedApplicationCredentialSources []*CredentialSource `json:"injected_application_credential_sources,omitempty"` + Attributes map[string]interface{} `json:"attributes,omitempty"` + AuthorizedActions []string `json:"authorized_actions,omitempty"` response *api.Response } diff --git a/globals/fields.go b/globals/fields.go index c06d5c94d8..815cc37d62 100644 --- a/globals/fields.go +++ b/globals/fields.go @@ -1,87 +1,87 @@ package globals const ( - IdField = "id" - VersionField = "version" - NameField = "name" - DescriptionField = "description" - CreatedTimeField = "created_time" - UpdatedTimeField = "updated_time" - TypeField = "type" - AttributesField = "attributes" - ScopeIdField = "scope_id" - ScopeField = "scope" - AuthMethodIdField = "auth_method_id" - AccountIdField = "account_id" - UserIdField = "user_id" - IsPrimaryField = "is_primary" - AuthorizedActionsField = "authorized_actions" - AuthorizedCollectionActionsField = "authorized_collection_actions" - ExpirationTimeField = "expiration_time" - ApproximateLastUsedTimeField = "approximate_last_used_time" - MembersField = "members" - MemberIdsField = "member_ids" - HostCatalogIdField = "host_catalog_id" - HostSetIdsField = "host_set_ids" - HostSourceIdsField = "host_source_ids" - HostIdsField = "host_ids" - PrincipalIdsField = "principal_ids" - PrincipalsField = "principals" - GrantScopeIdField = "grant_scope_id" - GrantsField = "grants" - GrantStringsField = "grant_strings" - PrimaryAuthMethodIdField = "primary_auth_method_id" - TargetIdField = "target_id" - HostIdField = "host_id" - HostSetIdField = "host_set_id" - HostSetsField = "host_sets" - HostSourcesField = "host_sources" - AuthTokenIdField = "auth_token_id" - EndpointField = "endpoint" - CertificateField = "certificate" - TerminationReasonField = "termination_reason" - StatusField = "status" - StatesField = "states" - SessionConnectionLimitField = "session_connection_limit" - SessionMaxSecondsField = "session_max_seconds" - WorkerFilterField = "worker_filter" - AccountIdsField = "account_ids" - AccountsField = "accounts" - LoginNameField = "login_name" - FullNameField = "full_name" - PrimaryAccountIdField = "primary_account_id" - EmailField = "email" - ManagedGroupIdsField = "managed_group_ids" - FilterField = "filter" - CredentialStoreIdField = "credential_store_id" - ApplicationCredentialLibraryIdsField = "application_credential_library_ids" - ApplicationCredentialLibrariesField = "application_credential_libraries" - ApplicationCredentialSourceIdsField = "application_credential_source_ids" - ApplicationCredentialSourcesField = "application_credential_sources" - PreferredEndpointsField = "preferred_endpoints" - SyncIntervalSecondsField = "sync_interval_seconds" - PluginIdField = "plugin_id" - PluginField = "plugin" - PluginNameField = "plugin_name" - IpAddressesField = "ip_addresses" - DnsNamesField = "dns_names" - SecretsHmacField = "secrets_hmac" - ExternalIdField = "external_id" - EgressCredentialSourceIdsField = "egress_credential_source_ids" - EgressCredentialSourcesField = "egress_credential_sources" - ConnectionsField = "connections" - CredentialTypeField = "credential_type" - CredentialMappingOverridesField = "credential_mapping_overrides" - MetricNamespace = "boundary" - LastStatusTimeField = "last_status_time" - AddressField = "address" - CanonicalAddressField = "canonical_address" - TagsField = "tags" - CanonicalTagsField = "canonical_tags" - ConfigTagsField = "config_tags" - ApiTagsField = "api_tags" - ConfigurationField = "configuration" - WorkerGeneratedAuthTokenField = "worker_generated_auth_token" - WorkerProvidedConfigurationField = "worker_provided_configuration" - ActiveConnectionCountField = "active_connection_count" + IdField = "id" + VersionField = "version" + NameField = "name" + DescriptionField = "description" + CreatedTimeField = "created_time" + UpdatedTimeField = "updated_time" + TypeField = "type" + AttributesField = "attributes" + ScopeIdField = "scope_id" + ScopeField = "scope" + AuthMethodIdField = "auth_method_id" + AccountIdField = "account_id" + UserIdField = "user_id" + IsPrimaryField = "is_primary" + AuthorizedActionsField = "authorized_actions" + AuthorizedCollectionActionsField = "authorized_collection_actions" + ExpirationTimeField = "expiration_time" + ApproximateLastUsedTimeField = "approximate_last_used_time" + MembersField = "members" + MemberIdsField = "member_ids" + HostCatalogIdField = "host_catalog_id" + HostSetIdsField = "host_set_ids" + HostSourceIdsField = "host_source_ids" + HostIdsField = "host_ids" + PrincipalIdsField = "principal_ids" + PrincipalsField = "principals" + GrantScopeIdField = "grant_scope_id" + GrantsField = "grants" + GrantStringsField = "grant_strings" + PrimaryAuthMethodIdField = "primary_auth_method_id" + TargetIdField = "target_id" + HostIdField = "host_id" + HostSetIdField = "host_set_id" + HostSetsField = "host_sets" + HostSourcesField = "host_sources" + AuthTokenIdField = "auth_token_id" + EndpointField = "endpoint" + CertificateField = "certificate" + TerminationReasonField = "termination_reason" + StatusField = "status" + StatesField = "states" + SessionConnectionLimitField = "session_connection_limit" + SessionMaxSecondsField = "session_max_seconds" + WorkerFilterField = "worker_filter" + AccountIdsField = "account_ids" + AccountsField = "accounts" + LoginNameField = "login_name" + FullNameField = "full_name" + PrimaryAccountIdField = "primary_account_id" + EmailField = "email" + ManagedGroupIdsField = "managed_group_ids" + FilterField = "filter" + CredentialStoreIdField = "credential_store_id" + ApplicationCredentialSourceIdsField = "application_credential_source_ids" + ApplicationCredentialSourcesField = "application_credential_sources" + BrokeredCredentialSourceIdsField = "brokered_credential_source_ids" + BrokeredCredentialSourcesField = "brokered_credential_sources" + PreferredEndpointsField = "preferred_endpoints" + SyncIntervalSecondsField = "sync_interval_seconds" + PluginIdField = "plugin_id" + PluginField = "plugin" + PluginNameField = "plugin_name" + IpAddressesField = "ip_addresses" + DnsNamesField = "dns_names" + SecretsHmacField = "secrets_hmac" + ExternalIdField = "external_id" + InjectedApplicationCredentialSourceIdsField = "injected_application_credential_source_ids" + InjectedApplicationCredentialSourcesField = "injected_application_credential_sources" + ConnectionsField = "connections" + CredentialTypeField = "credential_type" + CredentialMappingOverridesField = "credential_mapping_overrides" + MetricNamespace = "boundary" + LastStatusTimeField = "last_status_time" + AddressField = "address" + CanonicalAddressField = "canonical_address" + TagsField = "tags" + CanonicalTagsField = "canonical_tags" + ConfigTagsField = "config_tags" + ApiTagsField = "api_tags" + ConfigurationField = "configuration" + WorkerGeneratedAuthTokenField = "worker_generated_auth_token" + WorkerProvidedConfigurationField = "worker_provided_configuration" + ActiveConnectionCountField = "active_connection_count" ) diff --git a/internal/api/genapi/input.go b/internal/api/genapi/input.go index dd7fa32c36..34236a5b65 100644 --- a/internal/api/genapi/input.go +++ b/internal/api/genapi/input.go @@ -664,8 +664,13 @@ var inputStructs = []*structInfo{ FieldType: "[]string", }, { - Name: "EgressCredentialSourceIds", - ProtoName: "egress_credential_source_ids", + Name: "BrokeredCredentialSourceIds", + ProtoName: "brokered_credential_source_ids", + FieldType: "[]string", + }, + { + Name: "InjectedApplicationCredentialSourceIds", + ProtoName: "injected_application_credential_source_ids", FieldType: "[]string", }, }, diff --git a/internal/cmd/commands/targetscmd/funcs.go b/internal/cmd/commands/targetscmd/funcs.go index 7408548892..49c12f661b 100644 --- a/internal/cmd/commands/targetscmd/funcs.go +++ b/internal/cmd/commands/targetscmd/funcs.go @@ -30,12 +30,12 @@ func init() { } type extraCmdVars struct { - flagHostSets []string - flagHostSources []string - flagApplicationCredentialSources []string - flagEgressCredentialSources []string - flagHostId string - sar *targets.SessionAuthorizationResult + flagHostSets []string + flagHostSources []string + flagBrokeredCredentialSources []string + flagInjectedApplicationCredentialSources []string + flagHostId string + sar *targets.SessionAuthorizationResult } func extraActionsFlagsMapFuncImpl() map[string][]string { @@ -47,9 +47,9 @@ func extraActionsFlagsMapFuncImpl() map[string][]string { "add-host-sources": {"id", "host-source", "version"}, "remove-host-sources": {"id", "host-source", "version"}, "set-host-sources": {"id", "host-source", "version"}, - "add-credential-sources": {"id", "application-credential-source", "egress-credential-source", "version"}, - "remove-credential-sources": {"id", "application-credential-source", "egress-credential-source", "version"}, - "set-credential-sources": {"id", "application-credential-source", "egress-credential-source", "version"}, + "add-credential-sources": {"id", "application-credential-source", "brokered-credential-source", "injected-application-credential-source", "version"}, + "remove-credential-sources": {"id", "application-credential-source", "brokered-credential-source", "injected-application-credential-source", "version"}, + "set-credential-sources": {"id", "application-credential-source", "brokered-credential-source", "injected-application-credential-source", "version"}, } } @@ -224,7 +224,7 @@ func (c *Command) extraHelpFunc(helpMap map[string]func() string) string { "", " Add credential sources to a tcp-type target:", "", - ` $ boundary targets add-credential-sources -id ttcp_1234567890 -application-credential-source clvlt_1234567890 -application-credential-source clvlt_0987654321`, + ` $ boundary targets add-credential-sources -id ttcp_1234567890 -brokered-credential-source clvlt_1234567890 -brokered-credential-source clvlt_0987654321`, "", "", }) @@ -236,7 +236,7 @@ func (c *Command) extraHelpFunc(helpMap map[string]func() string) string { "", " Remove credential sources from a tcp-type target:", "", - ` $ boundary targets remove-credential-sources -id ttcp_1234567890 -application-credential-source clvlt_1234567890 -application-credential-source clvlt_0987654321`, + ` $ boundary targets remove-credential-sources -id ttcp_1234567890 -brokered-credential-source clvlt_1234567890 -brokered-credential-source clvlt_0987654321`, "", "", }) @@ -248,7 +248,7 @@ func (c *Command) extraHelpFunc(helpMap map[string]func() string) string { "", " Set credential sources on a tcp-type target:", "", - ` $ boundary targets set-credential-sources -id ttcp_1234567890 -application-credential-source clvlt_1234567890`, + ` $ boundary targets set-credential-sources -id ttcp_1234567890 -brokered-credential-source clvlt_1234567890`, "", "", }) @@ -293,17 +293,23 @@ func extraFlagsFuncImpl(c *Command, _ *base.FlagSets, f *base.FlagSet) { Target: &c.flagHostId, Usage: "The ID of a specific host to connect to out of the hosts from the target's host sets. If not specified, one is chosen at random.", }) + case "brokered-credential-source": + f.StringSliceVar(&base.StringSliceVar{ + Name: "brokered-credential-source", + Target: &c.flagBrokeredCredentialSources, + Usage: "The credential source to add, set, or remove that Boundary will return to the user when creating a connection. May be specified multiple times.", + }) case "application-credential-source": f.StringSliceVar(&base.StringSliceVar{ Name: "application-credential-source", - Target: &c.flagApplicationCredentialSources, - Usage: "The credential source for application purpose to add, set, or remove. May be specified multiple times.", + Target: &c.flagBrokeredCredentialSources, + Usage: "Deprecated: use -brokered-credential-source instead", }) - case "egress-credential-source": + case "injected-application-credential-source": f.StringSliceVar(&base.StringSliceVar{ - Name: "egress-credential-source", - Target: &c.flagEgressCredentialSources, - Usage: "The credential source for egress purpose to add, set, or remove. May be specified multiple times.", + Name: "injected-application-credential-source", + Target: &c.flagInjectedApplicationCredentialSources, + Usage: "The credential source to add, set, or remove that Boundary will inject when creating a connection. May be specified multiple times.", }) } } @@ -404,49 +410,47 @@ func extraFlagsHandlingFuncImpl(c *Command, _ *base.FlagSets, opts *[]targets.Op } case "add-credential-sources", "remove-credential-sources": - // TODO: As we add other purposes, add them to this check - if len(c.flagApplicationCredentialSources)+len(c.flagEgressCredentialSources) == 0 { - c.UI.Error("No credential sources supplied via -application-credential-source or -egress-credential-source") + if len(c.flagBrokeredCredentialSources)+len(c.flagInjectedApplicationCredentialSources) == 0 { + c.UI.Error("No credential sources supplied via -brokered-credential-source or -injected-application-credential-source") return false } - if len(c.flagApplicationCredentialSources) > 0 { - *opts = append(*opts, targets.WithApplicationCredentialSourceIds(c.flagApplicationCredentialSources)) + if len(c.flagBrokeredCredentialSources) > 0 { + *opts = append(*opts, targets.WithBrokeredCredentialSourceIds(c.flagBrokeredCredentialSources)) } - if len(c.flagEgressCredentialSources) > 0 { - *opts = append(*opts, targets.WithEgressCredentialSourceIds(c.flagEgressCredentialSources)) + if len(c.flagInjectedApplicationCredentialSources) > 0 { + *opts = append(*opts, targets.WithInjectedApplicationCredentialSourceIds(c.flagInjectedApplicationCredentialSources)) } case "set-credential-sources": - // TODO: As we add other purposes, add them to this check - if len(c.flagApplicationCredentialSources)+len(c.flagEgressCredentialSources) == 0 { - c.UI.Error("No credential sources supplied via -application-credential-source or -egress-credential-source") + if len(c.flagBrokeredCredentialSources)+len(c.flagInjectedApplicationCredentialSources) == 0 { + c.UI.Error("No credential sources supplied via -brokered-credential-source or -injected-application-credential-source") return false } - switch len(c.flagApplicationCredentialSources) { + switch len(c.flagBrokeredCredentialSources) { case 0: // do nothing case 1: - if c.flagApplicationCredentialSources[0] == "null" { - *opts = append(*opts, targets.DefaultApplicationCredentialSourceIds()) + if c.flagBrokeredCredentialSources[0] == "null" { + *opts = append(*opts, targets.DefaultBrokeredCredentialSourceIds()) break } fallthrough default: - *opts = append(*opts, targets.WithApplicationCredentialSourceIds(c.flagApplicationCredentialSources)) + *opts = append(*opts, targets.WithBrokeredCredentialSourceIds(c.flagBrokeredCredentialSources)) } - switch len(c.flagEgressCredentialSources) { + switch len(c.flagInjectedApplicationCredentialSources) { case 0: // do nothing case 1: - if c.flagEgressCredentialSources[0] == "null" { - *opts = append(*opts, targets.DefaultEgressCredentialSourceIds()) + if c.flagInjectedApplicationCredentialSources[0] == "null" { + *opts = append(*opts, targets.DefaultInjectedApplicationCredentialSourceIds()) break } fallthrough default: - *opts = append(*opts, targets.WithEgressCredentialSourceIds(c.flagEgressCredentialSources)) + *opts = append(*opts, targets.WithInjectedApplicationCredentialSourceIds(c.flagInjectedApplicationCredentialSources)) } case "authorize-session": @@ -610,36 +614,36 @@ func printItemTable(result api.GenericResult) string { } var credentialSourceMaps map[credential.Purpose][]map[string]interface{} - if len(item.ApplicationCredentialSources) > 0 { + if len(item.BrokeredCredentialSources) > 0 { if credentialSourceMaps == nil { credentialSourceMaps = make(map[credential.Purpose][]map[string]interface{}) } - var applicationCredentialSourceMaps []map[string]interface{} - for _, source := range item.ApplicationCredentialSources { + var brokeredCredentialSourceMaps []map[string]interface{} + for _, source := range item.BrokeredCredentialSources { m := map[string]interface{}{ "ID": source.Id, "Credential Store ID": source.CredentialStoreId, } - applicationCredentialSourceMaps = append(applicationCredentialSourceMaps, m) + brokeredCredentialSourceMaps = append(brokeredCredentialSourceMaps, m) } - credentialSourceMaps[credential.ApplicationPurpose] = applicationCredentialSourceMaps + credentialSourceMaps[credential.BrokeredPurpose] = brokeredCredentialSourceMaps if l := len("Credential Store ID"); l > maxLength { maxLength = l } } - if len(item.EgressCredentialSources) > 0 { + if len(item.InjectedApplicationCredentialSources) > 0 { if credentialSourceMaps == nil { credentialSourceMaps = make(map[credential.Purpose][]map[string]interface{}) } - var egressCredentialSourceMaps []map[string]interface{} - for _, source := range item.EgressCredentialSources { + var injectedApplicationCredentialSourceMaps []map[string]interface{} + for _, source := range item.InjectedApplicationCredentialSources { m := map[string]interface{}{ "ID": source.Id, "Credential Store ID": source.CredentialStoreId, } - egressCredentialSourceMaps = append(egressCredentialSourceMaps, m) + injectedApplicationCredentialSourceMaps = append(injectedApplicationCredentialSourceMaps, m) } - credentialSourceMaps[credential.EgressPurpose] = egressCredentialSourceMaps + credentialSourceMaps[credential.InjectedApplicationPurpose] = injectedApplicationCredentialSourceMaps if l := len("Credential Store ID"); l > maxLength { maxLength = l } @@ -685,13 +689,13 @@ func printItemTable(result api.GenericResult) string { for purpose, sources := range credentialSourceMaps { switch purpose { - case credential.ApplicationPurpose: + case credential.BrokeredPurpose: ret = append(ret, - " Application Credential Sources:", + " Brokered Credential Sources:", ) - case credential.EgressPurpose: + case credential.InjectedApplicationPurpose: ret = append(ret, - " Egress Credential Sources:", + " Injected Application Credential Sources:", ) } for _, m := range sources { @@ -864,8 +868,8 @@ func exampleOutput() string { HostCatalogId: "hcst_1234567890", }, }, - ApplicationCredentialSourceIds: []string{"clvlt_1234567890", "clvlt_0987654321"}, - ApplicationCredentialSources: []*targets.CredentialSource{ + BrokeredCredentialSourceIds: []string{"clvlt_1234567890", "clvlt_0987654321"}, + BrokeredCredentialSources: []*targets.CredentialSource{ { Id: "clvlt_1234567890", CredentialStoreId: "csvlt_1234567890", diff --git a/internal/credential/credential.go b/internal/credential/credential.go index e085d6c473..5e146ffe21 100644 --- a/internal/credential/credential.go +++ b/internal/credential/credential.go @@ -47,26 +47,20 @@ func (p Purpose) String() string { // Credential purpose values. const ( - // ApplicationPurpose is a credential used for application specific - // purposes. Application credentials are returned to the user. - ApplicationPurpose Purpose = "application" - - // IngressPurpose is a credential used by a boundary worker to secure - // the connection between the user and the worker. Ingress credentials - // are never returned to the user. - IngressPurpose Purpose = "ingress" - - // EgressPurpose is a credential used by a boundary worker to secure - // the connection between the worker and the endpoint. Egress - // credentials are never returned to the user. - EgressPurpose Purpose = "egress" + // BrokeredPurpose is a credential used for brokering specific + // purposes. Brokered credentials are returned to the user. + BrokeredPurpose Purpose = "brokered" + + // InjectedApplicationPurpose is a credential used by a boundary + // worker to secure the connection between the worker and the endpoint. + // Injected Application credentials are never returned to the user. + InjectedApplicationPurpose Purpose = "injected_application" ) // ValidPurposes are the set of all credential Purposes. var ValidPurposes = []Purpose{ - ApplicationPurpose, - IngressPurpose, - EgressPurpose, + BrokeredPurpose, + InjectedApplicationPurpose, } // SecretData represents secret data. diff --git a/internal/credential/vault/private_library_test.go b/internal/credential/vault/private_library_test.go index c54357032d..a43f57c799 100644 --- a/internal/credential/vault/private_library_test.go +++ b/internal/credential/vault/private_library_test.go @@ -88,7 +88,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) { assert.NoError(err) require.NotNil(lib) libs[lib.GetPublicId()] = lib - req := credential.Request{SourceId: lib.GetPublicId(), Purpose: credential.ApplicationPurpose} + req := credential.Request{SourceId: lib.GetPublicId(), Purpose: credential.BrokeredPurpose} requests = append(requests, req) } { @@ -99,7 +99,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) { assert.NoError(err) require.NotNil(lib) libs[lib.GetPublicId()] = lib - req := credential.Request{SourceId: lib.GetPublicId(), Purpose: credential.ApplicationPurpose} + req := credential.Request{SourceId: lib.GetPublicId(), Purpose: credential.BrokeredPurpose} requests = append(requests, req) } { @@ -110,7 +110,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) { assert.NoError(err) require.NotNil(lib) libs[lib.GetPublicId()] = lib - req := credential.Request{SourceId: lib.GetPublicId(), Purpose: credential.ApplicationPurpose} + req := credential.Request{SourceId: lib.GetPublicId(), Purpose: credential.BrokeredPurpose} requests = append(requests, req) } { @@ -124,7 +124,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) { assert.NoError(err) require.NotNil(lib) libs[lib.GetPublicId()] = lib - req := credential.Request{SourceId: lib.GetPublicId(), Purpose: credential.ApplicationPurpose} + req := credential.Request{SourceId: lib.GetPublicId(), Purpose: credential.BrokeredPurpose} requests = append(requests, req) } { @@ -141,7 +141,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) { assert.NoError(err) require.NotNil(lib) libs[lib.GetPublicId()] = lib - req := credential.Request{SourceId: lib.GetPublicId(), Purpose: credential.ApplicationPurpose} + req := credential.Request{SourceId: lib.GetPublicId(), Purpose: credential.BrokeredPurpose} requests = append(requests, req) } { @@ -158,7 +158,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) { assert.NoError(err) require.NotNil(lib) libs[lib.GetPublicId()] = lib - req := credential.Request{SourceId: lib.GetPublicId(), Purpose: credential.ApplicationPurpose} + req := credential.Request{SourceId: lib.GetPublicId(), Purpose: credential.BrokeredPurpose} requests = append(requests, req) } { @@ -176,7 +176,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) { assert.NoError(err) require.NotNil(lib) libs[lib.GetPublicId()] = lib - req := credential.Request{SourceId: lib.GetPublicId(), Purpose: credential.ApplicationPurpose} + req := credential.Request{SourceId: lib.GetPublicId(), Purpose: credential.BrokeredPurpose} requests = append(requests, req) } @@ -233,7 +233,7 @@ func TestRequestMap(t *testing.T) { requests: []credential.Request{ { SourceId: "kaz", - Purpose: credential.ApplicationPurpose, + Purpose: credential.BrokeredPurpose, }, }, }, @@ -245,11 +245,11 @@ func TestRequestMap(t *testing.T) { requests: []credential.Request{ { SourceId: "kaz", - Purpose: credential.ApplicationPurpose, + Purpose: credential.BrokeredPurpose, }, { SourceId: "gary", - Purpose: credential.EgressPurpose, + Purpose: credential.InjectedApplicationPurpose, }, }, }, @@ -261,11 +261,11 @@ func TestRequestMap(t *testing.T) { requests: []credential.Request{ { SourceId: "kaz", - Purpose: credential.ApplicationPurpose, + Purpose: credential.BrokeredPurpose, }, { SourceId: "kaz", - Purpose: credential.EgressPurpose, + Purpose: credential.InjectedApplicationPurpose, }, }, }, @@ -277,11 +277,11 @@ func TestRequestMap(t *testing.T) { requests: []credential.Request{ { SourceId: "kaz", - Purpose: credential.ApplicationPurpose, + Purpose: credential.BrokeredPurpose, }, { SourceId: "kaz", - Purpose: credential.ApplicationPurpose, + Purpose: credential.BrokeredPurpose, }, }, }, diff --git a/internal/credential/vault/repository_credentials_test.go b/internal/credential/vault/repository_credentials_test.go index a86a6b0686..19c80a6b22 100644 --- a/internal/credential/vault/repository_credentials_test.go +++ b/internal/credential/vault/repository_credentials_test.go @@ -204,7 +204,7 @@ func TestRepository_IssueCredentials(t *testing.T) { requests: []credential.Request{ { SourceId: libs[libDB], - Purpose: credential.ApplicationPurpose, + Purpose: credential.BrokeredPurpose, }, }, }, @@ -214,11 +214,11 @@ func TestRepository_IssueCredentials(t *testing.T) { requests: []credential.Request{ { SourceId: libs[libDB], - Purpose: credential.ApplicationPurpose, + Purpose: credential.BrokeredPurpose, }, { SourceId: libs[libPKI], - Purpose: credential.IngressPurpose, + Purpose: credential.BrokeredPurpose, }, }, }, @@ -228,7 +228,7 @@ func TestRepository_IssueCredentials(t *testing.T) { requests: []credential.Request{ { SourceId: libs[libErrPKI], - Purpose: credential.IngressPurpose, + Purpose: credential.BrokeredPurpose, }, }, wantErr: errors.VaultCredentialRequest, @@ -239,11 +239,11 @@ func TestRepository_IssueCredentials(t *testing.T) { requests: []credential.Request{ { SourceId: libs[libDB], - Purpose: credential.ApplicationPurpose, + Purpose: credential.BrokeredPurpose, }, { SourceId: libs[libPKI], - Purpose: credential.IngressPurpose, + Purpose: credential.BrokeredPurpose, }, }, wantErr: errors.InvalidDynamicCredential, @@ -254,7 +254,7 @@ func TestRepository_IssueCredentials(t *testing.T) { requests: []credential.Request{ { SourceId: libs[libKV], - Purpose: credential.IngressPurpose, + Purpose: credential.BrokeredPurpose, }, }, }, @@ -264,7 +264,7 @@ func TestRepository_IssueCredentials(t *testing.T) { requests: []credential.Request{ { SourceId: libs[libUsrPassDB], - Purpose: credential.ApplicationPurpose, + Purpose: credential.BrokeredPurpose, }, }, }, @@ -274,7 +274,7 @@ func TestRepository_IssueCredentials(t *testing.T) { requests: []credential.Request{ { SourceId: libs[libErrKV], - Purpose: credential.ApplicationPurpose, + Purpose: credential.BrokeredPurpose, }, }, wantErr: errors.VaultEmptySecret, @@ -285,7 +285,7 @@ func TestRepository_IssueCredentials(t *testing.T) { requests: []credential.Request{ { SourceId: libs[libErrUsrPassDB], - Purpose: credential.ApplicationPurpose, + Purpose: credential.BrokeredPurpose, }, }, wantErr: errors.VaultInvalidCredentialMapping, @@ -296,7 +296,7 @@ func TestRepository_IssueCredentials(t *testing.T) { requests: []credential.Request{ { SourceId: libs[libUsrPassKV], - Purpose: credential.ApplicationPurpose, + Purpose: credential.BrokeredPurpose, }, }, }, diff --git a/internal/credential/vault/setup_manual_test.go b/internal/credential/vault/setup_manual_test.go index 7a872b182f..aa4fff3fc1 100644 --- a/internal/credential/vault/setup_manual_test.go +++ b/internal/credential/vault/setup_manual_test.go @@ -79,7 +79,7 @@ func TestSetupSleepyDevEnvironment(t *testing.T) { ) require.NoError(t, err) require.NotNil(t, lib) - tgt, err = tcl.AddCredentialSources(ctx, tgt.Item.Id, 0, targets.WithAutomaticVersioning(true), targets.WithApplicationCredentialSourceIds([]string{lib.Item.Id})) + tgt, err = tcl.AddCredentialSources(ctx, tgt.Item.Id, 0, targets.WithAutomaticVersioning(true), targets.WithBrokeredCredentialSourceIds([]string{lib.Item.Id})) require.NoError(t, err) require.NotNil(t, tgt) // Worker 1 diff --git a/internal/daemon/controller/handlers/targets/target_service.go b/internal/daemon/controller/handlers/targets/target_service.go index 5e1f46cb41..ec257eb481 100644 --- a/internal/daemon/controller/handlers/targets/target_service.go +++ b/internal/daemon/controller/handlers/targets/target_service.go @@ -612,7 +612,9 @@ func (s Service) AddTargetCredentialSources(ctx context.Context, req *pbs.AddTar return nil, authResults.Error } } - t, ts, cl, err := s.addCredentialSourcesInRepo(ctx, req.GetId(), req.GetApplicationCredentialSourceIds(), req.GetEgressCredentialSourceIds(), req.GetVersion()) + + brokeredCredentialSources := strutil.MergeSlices(req.GetApplicationCredentialSourceIds(), req.GetBrokeredCredentialSourceIds()) + t, ts, cl, err := s.addCredentialSourcesInRepo(ctx, req.GetId(), brokeredCredentialSources, req.GetInjectedApplicationCredentialSourceIds(), req.GetVersion()) if err != nil { return nil, err } @@ -655,7 +657,9 @@ func (s Service) SetTargetCredentialSources(ctx context.Context, req *pbs.SetTar return nil, authResults.Error } } - t, ts, cl, err := s.setCredentialSourcesInRepo(ctx, req.GetId(), req.GetApplicationCredentialSourceIds(), req.GetEgressCredentialSourceIds(), req.GetVersion()) + + brokeredCredentialSources := strutil.MergeSlices(req.GetApplicationCredentialSourceIds(), req.GetBrokeredCredentialSourceIds()) + t, ts, cl, err := s.setCredentialSourcesInRepo(ctx, req.GetId(), brokeredCredentialSources, req.GetInjectedApplicationCredentialSourceIds(), req.GetVersion()) if err != nil { return nil, err } @@ -698,7 +702,9 @@ func (s Service) RemoveTargetCredentialSources(ctx context.Context, req *pbs.Rem return nil, authResults.Error } } - t, ts, cl, err := s.removeCredentialSourcesInRepo(ctx, req.GetId(), req.GetApplicationCredentialSourceIds(), req.GetEgressCredentialSourceIds(), req.GetVersion()) + + brokeredCredentialSources := strutil.MergeSlices(req.GetApplicationCredentialSourceIds(), req.GetBrokeredCredentialSourceIds()) + t, ts, cl, err := s.removeCredentialSourcesInRepo(ctx, req.GetId(), brokeredCredentialSources, req.GetInjectedApplicationCredentialSourceIds(), req.GetVersion()) if err != nil { return nil, err } @@ -983,14 +989,14 @@ func (s Service) AuthorizeSession(ctx context.Context, req *pbs.AuthorizeSession var workerCreds []session.Credential for _, cred := range dynamic { switch cred.Purpose() { - case credential.EgressPurpose: + case credential.InjectedApplicationPurpose: c, err := dynamicToWorkerCredential(ctx, cred) if err != nil { return nil, errors.Wrap(ctx, err, op) } workerCreds = append(workerCreds, c) - case credential.ApplicationPurpose: + case credential.BrokeredPurpose: c, err := dynamicToSessionCredential(ctx, cred) if err != nil { return nil, errors.Wrap(ctx, err, op) @@ -1004,14 +1010,14 @@ func (s Service) AuthorizeSession(ctx context.Context, req *pbs.AuthorizeSession for _, sc := range staticCreds { switch sc.CredentialPurpose { - case string(credential.EgressPurpose): + case string(credential.InjectedApplicationPurpose): c, err := staticToWorkerCredential(ctx, staticCredsById[sc.CredentialStaticId]) if err != nil { return nil, errors.Wrap(ctx, err, op) } workerCreds = append(workerCreds, c) - case string(credential.ApplicationPurpose): + case string(credential.BrokeredPurpose): c, err := staticToSessionCredential(ctx, staticCredsById[sc.CredentialStaticId]) if err != nil { return nil, errors.Wrap(ctx, err, op) @@ -1271,18 +1277,18 @@ func (s Service) removeHostSourcesInRepo(ctx context.Context, targetId string, h return out, hs, cl, nil } -func (s Service) addCredentialSourcesInRepo(ctx context.Context, targetId string, applicationIds []string, egressIds []string, version uint32) (target.Target, []target.HostSource, []target.CredentialSource, error) { +func (s Service) addCredentialSourcesInRepo(ctx context.Context, targetId string, brokeredIds []string, injectedAppIds []string, version uint32) (target.Target, []target.HostSource, []target.CredentialSource, error) { repo, err := s.repoFn() if err != nil { return nil, nil, nil, err } var creds target.CredentialSources - if len(applicationIds) > 0 { - creds.ApplicationCredentialIds = strutil.RemoveDuplicates(applicationIds, false) + if len(brokeredIds) > 0 { + creds.BrokeredCredentialIds = strutil.RemoveDuplicates(brokeredIds, false) } - if len(egressIds) > 0 { - creds.EgressCredentialIds = strutil.RemoveDuplicates(egressIds, false) + if len(injectedAppIds) > 0 { + creds.InjectedApplicationCredentialIds = strutil.RemoveDuplicates(injectedAppIds, false) } out, hs, credSources, err := repo.AddTargetCredentialSources(ctx, targetId, version, creds) @@ -1296,7 +1302,7 @@ func (s Service) addCredentialSourcesInRepo(ctx context.Context, targetId string return out, hs, credSources, nil } -func (s Service) setCredentialSourcesInRepo(ctx context.Context, targetId string, applicationIds []string, egressIds []string, version uint32) (target.Target, []target.HostSource, []target.CredentialSource, error) { +func (s Service) setCredentialSourcesInRepo(ctx context.Context, targetId string, brokeredIds []string, injectedAppIds []string, version uint32) (target.Target, []target.HostSource, []target.CredentialSource, error) { const op = "targets.(Service).setCredentialSourcesInRepo" repo, err := s.repoFn() if err != nil { @@ -1304,11 +1310,11 @@ func (s Service) setCredentialSourcesInRepo(ctx context.Context, targetId string } var ids target.CredentialSources - if len(applicationIds) > 0 { - ids.ApplicationCredentialIds = strutil.RemoveDuplicates(applicationIds, false) + if len(brokeredIds) > 0 { + ids.BrokeredCredentialIds = strutil.RemoveDuplicates(brokeredIds, false) } - if len(egressIds) > 0 { - ids.EgressCredentialIds = strutil.RemoveDuplicates(egressIds, false) + if len(injectedAppIds) > 0 { + ids.InjectedApplicationCredentialIds = strutil.RemoveDuplicates(injectedAppIds, false) } _, _, _, err = repo.SetTargetCredentialSources(ctx, targetId, version, ids) @@ -1327,7 +1333,7 @@ func (s Service) setCredentialSourcesInRepo(ctx context.Context, targetId string return out, hs, credSources, nil } -func (s Service) removeCredentialSourcesInRepo(ctx context.Context, targetId string, applicationIds []string, egressIds []string, version uint32) (target.Target, []target.HostSource, []target.CredentialSource, error) { +func (s Service) removeCredentialSourcesInRepo(ctx context.Context, targetId string, brokeredIds []string, injectedAppIds []string, version uint32) (target.Target, []target.HostSource, []target.CredentialSource, error) { const op = "targets.(Service).removeCredentialSourcesInRepo" repo, err := s.repoFn() if err != nil { @@ -1335,11 +1341,11 @@ func (s Service) removeCredentialSourcesInRepo(ctx context.Context, targetId str } var ids target.CredentialSources - if len(applicationIds) > 0 { - ids.ApplicationCredentialIds = strutil.RemoveDuplicates(applicationIds, false) + if len(brokeredIds) > 0 { + ids.BrokeredCredentialIds = strutil.RemoveDuplicates(brokeredIds, false) } - if len(egressIds) > 0 { - ids.EgressCredentialIds = strutil.RemoveDuplicates(egressIds, false) + if len(injectedAppIds) > 0 { + ids.InjectedApplicationCredentialIds = strutil.RemoveDuplicates(injectedAppIds, false) } _, err = repo.DeleteTargetCredentialSources(ctx, targetId, version, ids) if err != nil { @@ -1484,41 +1490,48 @@ func toProto(ctx context.Context, in target.Target, hostSources []target.HostSou } } - var appCredSources, egressCredSources []*pb.CredentialSource - var appCredSourceIds, egressCredSourceIds []string + var brokeredSources, injectedAppSources []*pb.CredentialSource + var brokeredSourceIds, injectedAppSourceIds []string for _, cs := range credSources { switch cs.CredentialPurpose() { - case credential.ApplicationPurpose: - appCredSourceIds = append(appCredSourceIds, cs.Id()) - appCredSources = append(appCredSources, &pb.CredentialSource{ + case credential.BrokeredPurpose: + brokeredSourceIds = append(brokeredSourceIds, cs.Id()) + brokeredSources = append(brokeredSources, &pb.CredentialSource{ Id: cs.Id(), CredentialStoreId: cs.CredentialStoreId(), }) - case credential.EgressPurpose: - egressCredSources = append(egressCredSources, &pb.CredentialSource{ + case credential.InjectedApplicationPurpose: + injectedAppSources = append(injectedAppSources, &pb.CredentialSource{ Id: cs.Id(), CredentialStoreId: cs.CredentialStoreId(), }) - egressCredSourceIds = append(egressCredSourceIds, cs.Id()) + injectedAppSourceIds = append(injectedAppSourceIds, cs.Id()) default: return nil, errors.New(ctx, errors.Internal, op, fmt.Sprintf("unrecognized purpose %q for credential source on target", cs.CredentialPurpose())) } } + // TODO: Application Credentials are deprecated, remove when field removed. if outputFields.Has(globals.ApplicationCredentialSourceIdsField) { - out.ApplicationCredentialSourceIds = appCredSourceIds + out.ApplicationCredentialSourceIds = brokeredSourceIds } if outputFields.Has(globals.ApplicationCredentialSourcesField) { - out.ApplicationCredentialSources = appCredSources + out.ApplicationCredentialSources = brokeredSources + } + if outputFields.Has(globals.BrokeredCredentialSourceIdsField) { + out.BrokeredCredentialSourceIds = brokeredSourceIds + } + if outputFields.Has(globals.BrokeredCredentialSourcesField) { + out.BrokeredCredentialSources = brokeredSources } - if outputFields.Has(globals.EgressCredentialSourceIdsField) { - out.EgressCredentialSourceIds = egressCredSourceIds + if outputFields.Has(globals.InjectedApplicationCredentialSourceIdsField) { + out.InjectedApplicationCredentialSourceIds = injectedAppSourceIds } - if outputFields.Has(globals.EgressCredentialSourcesField) { - out.EgressCredentialSources = egressCredSources + if outputFields.Has(globals.InjectedApplicationCredentialSourcesField) { + out.InjectedApplicationCredentialSources = injectedAppSources } if outputFields.Has(globals.AttributesField) { if err := subtypeRegistry.setAttributes(in.GetType(), in, &out); err != nil { @@ -1792,19 +1805,26 @@ func validateAddCredentialSourcesRequest(req *pbs.AddTargetCredentialSourcesRequ if req.GetVersion() == 0 { badFields[globals.VersionField] = "Required field." } - if len(req.GetApplicationCredentialSourceIds())+len(req.GetEgressCredentialSourceIds()) == 0 { - badFields[globals.ApplicationCredentialSourceIdsField] = "Application or Egress Credential Source IDs must be provided." - badFields[globals.EgressCredentialSourceIdsField] = "Application or Egress Credential Source IDs must be provided." + if len(req.GetApplicationCredentialSourceIds())+len(req.GetBrokeredCredentialSourceIds())+len(req.GetInjectedApplicationCredentialSourceIds()) == 0 { + badFields[globals.BrokeredCredentialSourceIdsField] = "Brokered or Injected Application Credential Source IDs must be provided." + badFields[globals.InjectedApplicationCredentialSourceIdsField] = "Brokered or Injected Application Credential Source IDs must be provided." } + // TODO: Application Credentials are deprecated, remove when field removed. for _, cl := range req.GetApplicationCredentialSourceIds() { if !handlers.ValidId(handlers.Id(cl), vault.CredentialLibraryPrefix, credstatic.UsernamePasswordCredentialPrefix, credstatic.PreviousUsernamePasswordCredentialPrefix) { badFields[globals.ApplicationCredentialSourceIdsField] = fmt.Sprintf("Incorrectly formatted credential source identifier %q.", cl) break } } - for _, cl := range req.GetEgressCredentialSourceIds() { + for _, cl := range req.GetBrokeredCredentialSourceIds() { + if !handlers.ValidId(handlers.Id(cl), vault.CredentialLibraryPrefix, credstatic.UsernamePasswordCredentialPrefix, credstatic.PreviousUsernamePasswordCredentialPrefix) { + badFields[globals.BrokeredCredentialSourceIdsField] = fmt.Sprintf("Incorrectly formatted credential source identifier %q.", cl) + break + } + } + for _, cl := range req.GetInjectedApplicationCredentialSourceIds() { if !handlers.ValidId(handlers.Id(cl), vault.CredentialLibraryPrefix, credstatic.UsernamePasswordCredentialPrefix, credstatic.PreviousUsernamePasswordCredentialPrefix) { - badFields[globals.EgressCredentialSourceIdsField] = fmt.Sprintf("Incorrectly formatted credential source identifier %q.", cl) + badFields[globals.InjectedApplicationCredentialSourceIdsField] = fmt.Sprintf("Incorrectly formatted credential source identifier %q.", cl) break } } @@ -1822,15 +1842,22 @@ func validateSetCredentialSourcesRequest(req *pbs.SetTargetCredentialSourcesRequ if req.GetVersion() == 0 { badFields[globals.VersionField] = "Required field." } + // TODO: Application Credentials are deprecated, remove when field removed. for _, cl := range req.GetApplicationCredentialSourceIds() { if !handlers.ValidId(handlers.Id(cl), vault.CredentialLibraryPrefix, credstatic.UsernamePasswordCredentialPrefix, credstatic.PreviousUsernamePasswordCredentialPrefix) { badFields[globals.ApplicationCredentialSourceIdsField] = fmt.Sprintf("Incorrectly formatted credential source identifier %q.", cl) break } } - for _, cl := range req.GetEgressCredentialSourceIds() { + for _, cl := range req.GetBrokeredCredentialSourceIds() { if !handlers.ValidId(handlers.Id(cl), vault.CredentialLibraryPrefix, credstatic.UsernamePasswordCredentialPrefix, credstatic.PreviousUsernamePasswordCredentialPrefix) { - badFields[globals.EgressCredentialSourceIdsField] = fmt.Sprintf("Incorrectly formatted credential source identifier %q.", cl) + badFields[globals.BrokeredCredentialSourceIdsField] = fmt.Sprintf("Incorrectly formatted credential source identifier %q.", cl) + break + } + } + for _, cl := range req.GetInjectedApplicationCredentialSourceIds() { + if !handlers.ValidId(handlers.Id(cl), vault.CredentialLibraryPrefix, credstatic.UsernamePasswordCredentialPrefix, credstatic.PreviousUsernamePasswordCredentialPrefix) { + badFields[globals.InjectedApplicationCredentialSourceIdsField] = fmt.Sprintf("Incorrectly formatted credential source identifier %q.", cl) break } } @@ -1848,19 +1875,26 @@ func validateRemoveCredentialSourcesRequest(req *pbs.RemoveTargetCredentialSourc if req.GetVersion() == 0 { badFields[globals.VersionField] = "Required field." } - if len(req.GetApplicationCredentialSourceIds())+len(req.GetEgressCredentialSourceIds()) == 0 { - badFields[globals.ApplicationCredentialSourceIdsField] = "Application or Egress Credential Source IDs must be provided." - badFields[globals.EgressCredentialSourceIdsField] = "Application or Egress Credential Source IDs must be provided." + if len(req.GetApplicationCredentialSourceIds())+len(req.GetBrokeredCredentialSourceIds())+len(req.GetInjectedApplicationCredentialSourceIds()) == 0 { + badFields[globals.BrokeredCredentialSourceIdsField] = "Brokered or Injected Application Credential Source IDs must be provided." + badFields[globals.InjectedApplicationCredentialSourceIdsField] = "Brokered or Injected Application Credential Source IDs must be provided." } + // TODO: Application Credentials are deprecated, remove when field removed. for _, cl := range req.GetApplicationCredentialSourceIds() { if !handlers.ValidId(handlers.Id(cl), vault.CredentialLibraryPrefix, credstatic.UsernamePasswordCredentialPrefix, credstatic.PreviousUsernamePasswordCredentialPrefix) { badFields[globals.ApplicationCredentialSourceIdsField] = fmt.Sprintf("Incorrectly formatted credential source identifier %q.", cl) break } } - for _, cl := range req.GetEgressCredentialSourceIds() { + for _, cl := range req.GetBrokeredCredentialSourceIds() { + if !handlers.ValidId(handlers.Id(cl), vault.CredentialLibraryPrefix, credstatic.UsernamePasswordCredentialPrefix, credstatic.PreviousUsernamePasswordCredentialPrefix) { + badFields[globals.BrokeredCredentialSourceIdsField] = fmt.Sprintf("Incorrectly formatted credential source identifier %q.", cl) + break + } + } + for _, cl := range req.GetInjectedApplicationCredentialSourceIds() { if !handlers.ValidId(handlers.Id(cl), vault.CredentialLibraryPrefix, credstatic.UsernamePasswordCredentialPrefix, credstatic.PreviousUsernamePasswordCredentialPrefix) { - badFields[globals.EgressCredentialSourceIdsField] = fmt.Sprintf("Incorrectly formatted credential source identifier %q.", cl) + badFields[globals.InjectedApplicationCredentialSourceIdsField] = fmt.Sprintf("Incorrectly formatted credential source identifier %q.", cl) break } } diff --git a/internal/daemon/controller/handlers/targets/tcp/target_service_test.go b/internal/daemon/controller/handlers/targets/tcp/target_service_test.go index c20698195f..edcbfa2457 100644 --- a/internal/daemon/controller/handlers/targets/tcp/target_service_test.go +++ b/internal/daemon/controller/handlers/targets/tcp/target_service_test.go @@ -1881,37 +1881,37 @@ func TestAddTargetCredentialSources(t *testing.T) { }, { name: "Add library on library populated target", - tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "populated for lib-lib sources", target.WithCredentialLibraries([]*target.CredentialLibrary{target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.ApplicationPurpose)})), + tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "populated for lib-lib sources", target.WithCredentialLibraries([]*target.CredentialLibrary{target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.BrokeredPurpose)})), addSources: []string{cls[1].GetPublicId()}, resultSourceIds: []string{cls[0].GetPublicId(), cls[1].GetPublicId()}, }, { name: "Add library on static cred populated target", - tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "populated for lib-static sources", target.WithStaticCredentials([]*target.StaticCredential{target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.ApplicationPurpose)})), + tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "populated for lib-static sources", target.WithStaticCredentials([]*target.StaticCredential{target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.BrokeredPurpose)})), addSources: []string{cls[1].GetPublicId()}, resultSourceIds: []string{creds[0].GetPublicId(), cls[1].GetPublicId()}, }, { name: "Add static cred on library populated target", - tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "populated for static-lib sources", target.WithCredentialLibraries([]*target.CredentialLibrary{target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.ApplicationPurpose)})), + tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "populated for static-lib sources", target.WithCredentialLibraries([]*target.CredentialLibrary{target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.BrokeredPurpose)})), addSources: []string{creds[1].GetPublicId()}, resultSourceIds: []string{cls[0].GetPublicId(), creds[1].GetPublicId()}, }, { name: "Add static cred on static cred populated target", - tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "populated for static-static sources", target.WithStaticCredentials([]*target.StaticCredential{target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.ApplicationPurpose)})), + tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "populated for static-static sources", target.WithStaticCredentials([]*target.StaticCredential{target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.BrokeredPurpose)})), addSources: []string{creds[1].GetPublicId()}, resultSourceIds: []string{creds[0].GetPublicId(), creds[1].GetPublicId()}, }, { name: "Add duplicated sources on library populated target", - tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "duplicated for lib sources", target.WithCredentialLibraries([]*target.CredentialLibrary{target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.ApplicationPurpose)})), + tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "duplicated for lib sources", target.WithCredentialLibraries([]*target.CredentialLibrary{target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.BrokeredPurpose)})), addSources: []string{cls[1].GetPublicId(), cls[1].GetPublicId(), creds[1].GetPublicId(), creds[1].GetPublicId()}, resultSourceIds: []string{cls[0].GetPublicId(), cls[1].GetPublicId(), creds[1].GetPublicId()}, }, { name: "Add duplicated sources on static cred populated target", - tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "duplicated for static sources", target.WithStaticCredentials([]*target.StaticCredential{target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.ApplicationPurpose)})), + tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "duplicated for static sources", target.WithStaticCredentials([]*target.StaticCredential{target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.BrokeredPurpose)})), addSources: []string{cls[1].GetPublicId(), cls[1].GetPublicId(), creds[1].GetPublicId(), creds[1].GetPublicId()}, resultSourceIds: []string{creds[0].GetPublicId(), cls[1].GetPublicId(), creds[1].GetPublicId()}, }, @@ -1920,14 +1920,17 @@ func TestAddTargetCredentialSources(t *testing.T) { for _, tc := range addCases { t.Run(tc.name, func(t *testing.T) { req := &pbs.AddTargetCredentialSourcesRequest{ - Id: tc.tar.GetPublicId(), - Version: tc.tar.GetVersion(), - ApplicationCredentialSourceIds: tc.addSources, + Id: tc.tar.GetPublicId(), + Version: tc.tar.GetVersion(), + BrokeredCredentialSourceIds: tc.addSources, } got, err := s.AddTargetCredentialSources(auth.DisabledAuthTestContext(iamRepoFn, proj.GetPublicId()), req) require.NoError(t, err, "Got error: %v", s) + assert.ElementsMatch(t, tc.resultSourceIds, got.GetItem().GetBrokeredCredentialSourceIds()) + assert.Equal(t, len(tc.resultSourceIds), len(got.GetItem().GetBrokeredCredentialSources())) + assert.ElementsMatch(t, tc.resultSourceIds, got.GetItem().GetApplicationCredentialSourceIds()) assert.Equal(t, len(tc.resultSourceIds), len(got.GetItem().GetApplicationCredentialSources())) }) @@ -1945,7 +1948,7 @@ func TestAddTargetCredentialSources(t *testing.T) { req: &pbs.AddTargetCredentialSourcesRequest{ Id: "bad id", Version: tar.GetVersion(), - ApplicationCredentialSourceIds: []string{ + BrokeredCredentialSourceIds: []string{ cls[0].GetPublicId(), }, }, @@ -1956,7 +1959,7 @@ func TestAddTargetCredentialSources(t *testing.T) { req: &pbs.AddTargetCredentialSourcesRequest{ Id: tar.GetPublicId(), Version: tar.GetVersion() + 2, - ApplicationCredentialSourceIds: []string{ + BrokeredCredentialSourceIds: []string{ cls[0].GetPublicId(), }, }, @@ -1973,9 +1976,9 @@ func TestAddTargetCredentialSources(t *testing.T) { { name: "Incorrect source id", req: &pbs.AddTargetCredentialSourcesRequest{ - Id: tar.GetPublicId(), - Version: tar.GetVersion(), - ApplicationCredentialSourceIds: []string{"incorrect"}, + Id: tar.GetPublicId(), + Version: tar.GetVersion(), + BrokeredCredentialSourceIds: []string{"incorrect"}, }, err: handlers.ApiErrorWithCode(codes.InvalidArgument), }, @@ -2034,45 +2037,45 @@ func TestSetTargetCredentialSources(t *testing.T) { }, { name: "Set library on library populated target", - tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "populated library-library", target.WithCredentialLibraries([]*target.CredentialLibrary{target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.ApplicationPurpose)})), + tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "populated library-library", target.WithCredentialLibraries([]*target.CredentialLibrary{target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.BrokeredPurpose)})), setCredentialSources: []string{cls[1].GetPublicId()}, resultCredentialSourceIds: []string{cls[1].GetPublicId()}, }, { name: "Set static on library populated target", - tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "populated static-library", target.WithCredentialLibraries([]*target.CredentialLibrary{target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.ApplicationPurpose)})), + tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "populated static-library", target.WithCredentialLibraries([]*target.CredentialLibrary{target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.BrokeredPurpose)})), setCredentialSources: []string{creds[1].GetPublicId()}, resultCredentialSourceIds: []string{creds[1].GetPublicId()}, }, { name: "Set library on static populated target", - tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "populated library-static", target.WithStaticCredentials([]*target.StaticCredential{target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.ApplicationPurpose)})), + tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "populated library-static", target.WithStaticCredentials([]*target.StaticCredential{target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.BrokeredPurpose)})), setCredentialSources: []string{cls[1].GetPublicId()}, resultCredentialSourceIds: []string{cls[1].GetPublicId()}, }, { name: "Set static on static populated target", - tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "populated static-static", target.WithStaticCredentials([]*target.StaticCredential{target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.ApplicationPurpose)})), + tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "populated static-static", target.WithStaticCredentials([]*target.StaticCredential{target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.BrokeredPurpose)})), setCredentialSources: []string{creds[1].GetPublicId()}, resultCredentialSourceIds: []string{creds[1].GetPublicId()}, }, { name: "Set duplicate library on populated target", - tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "duplicate library", target.WithCredentialLibraries([]*target.CredentialLibrary{target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.ApplicationPurpose)})), + tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "duplicate library", target.WithCredentialLibraries([]*target.CredentialLibrary{target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.BrokeredPurpose)})), setCredentialSources: []string{cls[1].GetPublicId(), cls[1].GetPublicId()}, resultCredentialSourceIds: []string{cls[1].GetPublicId()}, }, { name: "Set duplicate static on populated target", - tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "duplicate static", target.WithStaticCredentials([]*target.StaticCredential{target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.ApplicationPurpose)})), + tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "duplicate static", target.WithStaticCredentials([]*target.StaticCredential{target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.BrokeredPurpose)})), setCredentialSources: []string{creds[1].GetPublicId(), creds[1].GetPublicId()}, resultCredentialSourceIds: []string{creds[1].GetPublicId()}, }, { name: "Set empty on populated target", tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "another populated", - target.WithCredentialLibraries([]*target.CredentialLibrary{target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.ApplicationPurpose)}), - target.WithStaticCredentials([]*target.StaticCredential{target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.ApplicationPurpose)})), + target.WithCredentialLibraries([]*target.CredentialLibrary{target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.BrokeredPurpose)}), + target.WithStaticCredentials([]*target.StaticCredential{target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.BrokeredPurpose)})), setCredentialSources: []string{}, resultCredentialSourceIds: nil, }, @@ -2080,13 +2083,16 @@ func TestSetTargetCredentialSources(t *testing.T) { for _, tc := range setCases { t.Run(tc.name, func(t *testing.T) { req := &pbs.SetTargetCredentialSourcesRequest{ - Id: tc.tar.GetPublicId(), - Version: tc.tar.GetVersion(), - ApplicationCredentialSourceIds: tc.setCredentialSources, + Id: tc.tar.GetPublicId(), + Version: tc.tar.GetVersion(), + BrokeredCredentialSourceIds: tc.setCredentialSources, } got, err := s.SetTargetCredentialSources(auth.DisabledAuthTestContext(iamRepoFn, proj.GetPublicId()), req) require.NoError(t, err, "Got error: %v", s) + assert.ElementsMatch(t, tc.resultCredentialSourceIds, got.GetItem().GetBrokeredCredentialSourceIds()) + assert.Equal(t, len(tc.resultCredentialSourceIds), len(got.GetItem().GetBrokeredCredentialSources())) + assert.ElementsMatch(t, tc.resultCredentialSourceIds, got.GetItem().GetApplicationCredentialSourceIds()) assert.Equal(t, len(tc.resultCredentialSourceIds), len(got.GetItem().GetApplicationCredentialSources())) }) @@ -2102,27 +2108,27 @@ func TestSetTargetCredentialSources(t *testing.T) { { name: "Bad target Id", req: &pbs.SetTargetCredentialSourcesRequest{ - Id: "bad id", - Version: tar.GetVersion(), - ApplicationCredentialSourceIds: []string{cls[0].GetPublicId()}, + Id: "bad id", + Version: tar.GetVersion(), + BrokeredCredentialSourceIds: []string{cls[0].GetPublicId()}, }, err: handlers.ApiErrorWithCode(codes.InvalidArgument), }, { name: "Bad version", req: &pbs.SetTargetCredentialSourcesRequest{ - Id: tar.GetPublicId(), - Version: tar.GetVersion() + 3, - ApplicationCredentialSourceIds: []string{cls[0].GetPublicId()}, + Id: tar.GetPublicId(), + Version: tar.GetVersion() + 3, + BrokeredCredentialSourceIds: []string{cls[0].GetPublicId()}, }, err: handlers.ApiErrorWithCode(codes.Internal), }, { name: "Bad source id", req: &pbs.SetTargetCredentialSourcesRequest{ - Id: tar.GetPublicId(), - Version: tar.GetVersion(), - ApplicationCredentialSourceIds: []string{"invalid"}, + Id: tar.GetPublicId(), + Version: tar.GetVersion(), + BrokeredCredentialSourceIds: []string{"invalid"}, }, err: handlers.ApiErrorWithCode(codes.InvalidArgument), }, @@ -2184,8 +2190,8 @@ func TestRemoveTargetCredentialSources(t *testing.T) { name: "Remove 1 of 2 libraries", tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "remove partial lib", target.WithCredentialLibraries([]*target.CredentialLibrary{ - target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.ApplicationPurpose), - target.TestNewCredentialLibrary("", cls[1].GetPublicId(), credential.ApplicationPurpose), + target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.BrokeredPurpose), + target.TestNewCredentialLibrary("", cls[1].GetPublicId(), credential.BrokeredPurpose), })), removeCredentialSources: []string{cls[1].GetPublicId()}, resultCredentialSourceIds: []string{cls[0].GetPublicId()}, @@ -2194,8 +2200,8 @@ func TestRemoveTargetCredentialSources(t *testing.T) { name: "Remove 1 of 2 static credentials", tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "remove partial static", target.WithStaticCredentials([]*target.StaticCredential{ - target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.ApplicationPurpose), - target.TestNewStaticCredential("", creds[1].GetPublicId(), credential.ApplicationPurpose), + target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.BrokeredPurpose), + target.TestNewStaticCredential("", creds[1].GetPublicId(), credential.BrokeredPurpose), })), removeCredentialSources: []string{creds[1].GetPublicId()}, resultCredentialSourceIds: []string{creds[0].GetPublicId()}, @@ -2204,8 +2210,8 @@ func TestRemoveTargetCredentialSources(t *testing.T) { name: "Remove 1 duplicate set of 2 libraries", tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "remove duplicate lib", target.WithCredentialLibraries([]*target.CredentialLibrary{ - target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.ApplicationPurpose), - target.TestNewCredentialLibrary("", cls[1].GetPublicId(), credential.ApplicationPurpose), + target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.BrokeredPurpose), + target.TestNewCredentialLibrary("", cls[1].GetPublicId(), credential.BrokeredPurpose), })), removeCredentialSources: []string{ cls[1].GetPublicId(), cls[1].GetPublicId(), @@ -2216,8 +2222,8 @@ func TestRemoveTargetCredentialSources(t *testing.T) { name: "Remove 1 duplicate set of 2 static credentials", tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "remove duplicate static", target.WithStaticCredentials([]*target.StaticCredential{ - target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.ApplicationPurpose), - target.TestNewStaticCredential("", creds[1].GetPublicId(), credential.ApplicationPurpose), + target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.BrokeredPurpose), + target.TestNewStaticCredential("", creds[1].GetPublicId(), credential.BrokeredPurpose), })), removeCredentialSources: []string{ creds[1].GetPublicId(), creds[1].GetPublicId(), @@ -2228,12 +2234,12 @@ func TestRemoveTargetCredentialSources(t *testing.T) { name: "Remove mixed sources from target", tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "remove mixed", target.WithCredentialLibraries([]*target.CredentialLibrary{ - target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.ApplicationPurpose), - target.TestNewCredentialLibrary("", cls[1].GetPublicId(), credential.ApplicationPurpose), + target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.BrokeredPurpose), + target.TestNewCredentialLibrary("", cls[1].GetPublicId(), credential.BrokeredPurpose), }), target.WithStaticCredentials([]*target.StaticCredential{ - target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.ApplicationPurpose), - target.TestNewStaticCredential("", creds[1].GetPublicId(), credential.ApplicationPurpose), + target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.BrokeredPurpose), + target.TestNewStaticCredential("", creds[1].GetPublicId(), credential.BrokeredPurpose), })), removeCredentialSources: []string{ cls[1].GetPublicId(), creds[0].GetPublicId(), @@ -2246,12 +2252,12 @@ func TestRemoveTargetCredentialSources(t *testing.T) { name: "Remove all sources from target", tar: tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), "remove all", target.WithCredentialLibraries([]*target.CredentialLibrary{ - target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.ApplicationPurpose), - target.TestNewCredentialLibrary("", cls[1].GetPublicId(), credential.ApplicationPurpose), + target.TestNewCredentialLibrary("", cls[0].GetPublicId(), credential.BrokeredPurpose), + target.TestNewCredentialLibrary("", cls[1].GetPublicId(), credential.BrokeredPurpose), }), target.WithStaticCredentials([]*target.StaticCredential{ - target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.ApplicationPurpose), - target.TestNewStaticCredential("", creds[1].GetPublicId(), credential.ApplicationPurpose), + target.TestNewStaticCredential("", creds[0].GetPublicId(), credential.BrokeredPurpose), + target.TestNewStaticCredential("", creds[1].GetPublicId(), credential.BrokeredPurpose), })), removeCredentialSources: []string{ cls[0].GetPublicId(), cls[1].GetPublicId(), @@ -2264,9 +2270,9 @@ func TestRemoveTargetCredentialSources(t *testing.T) { for _, tc := range removeCases { t.Run(tc.name, func(t *testing.T) { req := &pbs.RemoveTargetCredentialSourcesRequest{ - Id: tc.tar.GetPublicId(), - Version: tc.tar.GetVersion(), - ApplicationCredentialSourceIds: tc.removeCredentialSources, + Id: tc.tar.GetPublicId(), + Version: tc.tar.GetVersion(), + BrokeredCredentialSourceIds: tc.removeCredentialSources, } got, err := s.RemoveTargetCredentialSources(auth.DisabledAuthTestContext(iamRepoFn, proj.GetPublicId()), req) @@ -2276,6 +2282,9 @@ func TestRemoveTargetCredentialSources(t *testing.T) { } require.NoError(t, err, "Got error: %v", s) + assert.ElementsMatch(t, tc.resultCredentialSourceIds, got.GetItem().GetBrokeredCredentialSourceIds()) + assert.Equal(t, len(tc.resultCredentialSourceIds), len(got.GetItem().GetBrokeredCredentialSources())) + assert.ElementsMatch(t, tc.resultCredentialSourceIds, got.GetItem().GetApplicationCredentialSourceIds()) assert.Equal(t, len(tc.resultCredentialSourceIds), len(got.GetItem().GetApplicationCredentialSources())) }) @@ -2293,7 +2302,7 @@ func TestRemoveTargetCredentialSources(t *testing.T) { req: &pbs.RemoveTargetCredentialSourcesRequest{ Id: tar.GetPublicId(), Version: tar.GetVersion() + 3, - ApplicationCredentialSourceIds: []string{ + BrokeredCredentialSourceIds: []string{ cls[0].GetPublicId(), }, }, @@ -2304,7 +2313,7 @@ func TestRemoveTargetCredentialSources(t *testing.T) { req: &pbs.RemoveTargetCredentialSourcesRequest{ Id: "bad id", Version: tar.GetVersion(), - ApplicationCredentialSourceIds: []string{ + BrokeredCredentialSourceIds: []string{ cls[0].GetPublicId(), }, }, @@ -2313,9 +2322,9 @@ func TestRemoveTargetCredentialSources(t *testing.T) { { name: "Empty sources", req: &pbs.RemoveTargetCredentialSourcesRequest{ - Id: tar.GetPublicId(), - Version: tar.GetVersion(), - ApplicationCredentialSourceIds: []string{}, + Id: tar.GetPublicId(), + Version: tar.GetVersion(), + BrokeredCredentialSourceIds: []string{}, }, err: handlers.ApiErrorWithCode(codes.InvalidArgument), }, @@ -2324,7 +2333,7 @@ func TestRemoveTargetCredentialSources(t *testing.T) { req: &pbs.RemoveTargetCredentialSourcesRequest{ Id: tar.GetPublicId(), Version: tar.GetVersion(), - ApplicationCredentialSourceIds: []string{ + BrokeredCredentialSourceIds: []string{ "invalid", }, }, @@ -2518,9 +2527,9 @@ func TestAuthorizeSession(t *testing.T) { require.NoError(t, err) _, err = s.AddTargetCredentialSources(ctx, &pbs.AddTargetCredentialSourcesRequest{ - Id: tar.GetPublicId(), - ApplicationCredentialSourceIds: []string{clsResp.GetItem().GetId()}, - Version: apiTar.GetItem().GetVersion(), + Id: tar.GetPublicId(), + BrokeredCredentialSourceIds: []string{clsResp.GetItem().GetId()}, + Version: apiTar.GetItem().GetVersion(), }) require.NoError(t, err) @@ -2863,9 +2872,9 @@ func TestAuthorizeSessionTypedCredentials(t *testing.T) { require.NoError(t, err) _, err = s.AddTargetCredentialSources(ctx, &pbs.AddTargetCredentialSourcesRequest{ - Id: tar.GetPublicId(), - ApplicationCredentialSourceIds: []string{tc.credSourceId}, - Version: apiTar.GetItem().GetVersion(), + Id: tar.GetPublicId(), + BrokeredCredentialSourceIds: []string{tc.credSourceId}, + Version: apiTar.GetItem().GetVersion(), }) require.NoError(t, err) @@ -3041,9 +3050,9 @@ func TestAuthorizeSession_Errors(t *testing.T) { tr, err := s.AddTargetCredentialSources(ctx, &pbs.AddTargetCredentialSourcesRequest{ - Id: tar.GetPublicId(), - ApplicationCredentialSourceIds: []string{clsResp.GetItem().GetId()}, - Version: tar.GetVersion(), + Id: tar.GetPublicId(), + BrokeredCredentialSourceIds: []string{clsResp.GetItem().GetId()}, + Version: tar.GetVersion(), }) require.NoError(t, err) return tr.GetItem().GetVersion() @@ -3065,9 +3074,9 @@ func TestAuthorizeSession_Errors(t *testing.T) { tr, err := s.AddTargetCredentialSources(ctx, &pbs.AddTargetCredentialSourcesRequest{ - Id: tar.GetPublicId(), - ApplicationCredentialSourceIds: []string{clsResp.GetItem().GetId()}, - Version: tar.GetVersion(), + Id: tar.GetPublicId(), + BrokeredCredentialSourceIds: []string{clsResp.GetItem().GetId()}, + Version: tar.GetVersion(), }) require.NoError(t, err) return tr.GetItem().GetVersion() @@ -3202,9 +3211,9 @@ func TestAddTargetCredentialLibraryPerms(t *testing.T) { tar := tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), tc.name) req := &pbs.AddTargetCredentialSourcesRequest{ - Id: tar.GetPublicId(), - Version: tar.GetVersion(), - ApplicationCredentialSourceIds: []string{cred.GetPublicId()}, + Id: tar.GetPublicId(), + Version: tar.GetVersion(), + BrokeredCredentialSourceIds: []string{cred.GetPublicId()}, } got, err := s.AddTargetCredentialSources(ctx, req) @@ -3288,9 +3297,9 @@ func TestSetTargetCredentialLibraryPerms(t *testing.T) { tar := tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), tc.name) req := &pbs.SetTargetCredentialSourcesRequest{ - Id: tar.GetPublicId(), - Version: tar.GetVersion(), - ApplicationCredentialSourceIds: []string{cred.GetPublicId()}, + Id: tar.GetPublicId(), + Version: tar.GetVersion(), + BrokeredCredentialSourceIds: []string{cred.GetPublicId()}, } got, err := s.SetTargetCredentialSources(ctx, req) @@ -3373,13 +3382,13 @@ func TestRemoveTargetCredentialLibraryPerms(t *testing.T) { require.NoError(t, err) tar := tcp.TestTarget(ctx, t, conn, proj.GetPublicId(), tc.name, target.WithStaticCredentials([]*target.StaticCredential{ - target.TestNewStaticCredential("", cred.GetPublicId(), credential.ApplicationPurpose), + target.TestNewStaticCredential("", cred.GetPublicId(), credential.BrokeredPurpose), })) req := &pbs.RemoveTargetCredentialSourcesRequest{ - Id: tar.GetPublicId(), - Version: tar.GetVersion(), - ApplicationCredentialSourceIds: []string{cred.GetPublicId()}, + Id: tar.GetPublicId(), + Version: tar.GetVersion(), + BrokeredCredentialSourceIds: []string{cred.GetPublicId()}, } got, err := s.RemoveTargetCredentialSources(ctx, req) diff --git a/internal/daemon/worker/handler.go b/internal/daemon/worker/handler.go index 75c8070cf6..a7e344b48e 100644 --- a/internal/daemon/worker/handler.go +++ b/internal/daemon/worker/handler.go @@ -257,7 +257,7 @@ func (w *Worker) handleProxy(listenerCfg *listenerutil.ListenerConfig, sessionMa credentials := sess.GetCredentials() var proxyOpts []proxyHandlers.Option if len(credentials) > 0 { - proxyOpts = append(proxyOpts, proxyHandlers.WithEgressCredentials(credentials)) + proxyOpts = append(proxyOpts, proxyHandlers.WithInjectedApplicationCredentials(credentials)) } if err = handleProxyFn(connCtx, conf, proxyOpts...); err != nil { diff --git a/internal/daemon/worker/proxy/options.go b/internal/daemon/worker/proxy/options.go index 70b21c1fe9..cad7adf380 100644 --- a/internal/daemon/worker/proxy/options.go +++ b/internal/daemon/worker/proxy/options.go @@ -18,18 +18,19 @@ func GetOpts(opt ...Option) Options { // Options = how options are represented type Options struct { - WithEgressCredentials []*serverpb.Credential + WithInjectedApplicationCredentials []*serverpb.Credential } func getDefaultOptions() Options { return Options{ - WithEgressCredentials: nil, + WithInjectedApplicationCredentials: nil, } } -// WithEgressCredentials provides an optional egress credentials to use when establishing a proxy -func WithEgressCredentials(creds []*serverpb.Credential) Option { +// WithInjectedApplicationCredentials provides an optional injected application +// credentials to use when establishing a proxy +func WithInjectedApplicationCredentials(creds []*serverpb.Credential) Option { return func(o *Options) { - o.WithEgressCredentials = creds + o.WithInjectedApplicationCredentials = creds } } diff --git a/internal/daemon/worker/proxy/options_test.go b/internal/daemon/worker/proxy/options_test.go index 335f16b706..a4733e2af5 100644 --- a/internal/daemon/worker/proxy/options_test.go +++ b/internal/daemon/worker/proxy/options_test.go @@ -10,7 +10,7 @@ import ( func Test_GetOpts(t *testing.T) { t.Parallel() - t.Run("WithEgressCredentials", func(t *testing.T) { + t.Run("WithInjectedApplicationCredentials", func(t *testing.T) { assert := assert.New(t) c := &serverpb.Credential{ Credential: &serverpb.Credential_UsernamePassword{ @@ -20,10 +20,10 @@ func Test_GetOpts(t *testing.T) { }, }, } - opts := GetOpts(WithEgressCredentials([]*serverpb.Credential{c})) + opts := GetOpts(WithInjectedApplicationCredentials([]*serverpb.Credential{c})) testOpts := getDefaultOptions() assert.NotEqual(opts, testOpts) - testOpts.WithEgressCredentials = []*serverpb.Credential{c} + testOpts.WithInjectedApplicationCredentials = []*serverpb.Credential{c} assert.Equal(opts, testOpts) }) } diff --git a/internal/db/schema/migrations/oss/postgres/10/03_credential.up.sql b/internal/db/schema/migrations/oss/postgres/10/03_credential.up.sql index 5610cb89f3..ac68d4e42e 100644 --- a/internal/db/schema/migrations/oss/postgres/10/03_credential.up.sql +++ b/internal/db/schema/migrations/oss/postgres/10/03_credential.up.sql @@ -239,6 +239,7 @@ begin; create table credential_purpose_enm ( name text primary key + -- This constraint is updated in 39/01_credential.up.sql constraint only_predefined_credential_purposes_allowed check ( name in ( @@ -252,6 +253,7 @@ begin; 'credential_purpose_enm is an enumeration table for credential purposes. ' 'It contains rows for representing the application, egress, and ingress credential purposes.'; + -- These values are updated in 39/01_credential.up.sql insert into credential_purpose_enm (name) values ('application'), diff --git a/internal/db/schema/migrations/oss/postgres/39/01_credential.up.sql b/internal/db/schema/migrations/oss/postgres/39/01_credential.up.sql new file mode 100644 index 0000000000..7cbca9ac63 --- /dev/null +++ b/internal/db/schema/migrations/oss/postgres/39/01_credential.up.sql @@ -0,0 +1,37 @@ +begin; + + -- drop constraint so we can migrate enm values + alter table credential_purpose_enm + drop constraint only_predefined_credential_purposes_allowed; + + -- update egress to injected_application + update credential_purpose_enm + set name = 'injected_application' + where name = 'egress'; + + -- update application to brokered + update credential_purpose_enm + set name = 'brokered' + where name = 'application'; + + -- delete ingress as it will no longer be used + delete from credential_purpose_enm + where name = 'ingress'; + + -- Add new constraint that only allows 'brokered' and new 'injected_application' + -- This replaces the constraint defined in 10/03_credential.up.sql + alter table credential_purpose_enm + add constraint only_predefined_credential_purposes_allowed + check ( + name in ( + 'brokered', + 'injected_application' + ) + ); + + -- update comment on table + comment on table credential_purpose_enm is + 'credential_purpose_enm is an enumeration table for credential purposes. ' + 'It contains rows for representing the brokered, and injected_application credential purposes.'; + +commit; diff --git a/internal/db/schema/migrations/oss/postgres/39/02_wh_credential.up.sql b/internal/db/schema/migrations/oss/postgres/39/02_wh_credential.up.sql new file mode 100644 index 0000000000..6d6b78d7d0 --- /dev/null +++ b/internal/db/schema/migrations/oss/postgres/39/02_wh_credential.up.sql @@ -0,0 +1,13 @@ +begin; + + -- update egress to injected_application + update wh_credential_dimension + set credential_purpose = 'injected_application' + where credential_purpose = 'egress'; + + -- update application to brokered + update wh_credential_dimension + set credential_purpose = 'brokered' + where credential_purpose = 'application'; + +commit; diff --git a/internal/db/sqltest/initdb.d/01_colors_persona.sql b/internal/db/sqltest/initdb.d/01_colors_persona.sql index 299ff37484..1a37e8c409 100644 --- a/internal/db/sqltest/initdb.d/01_colors_persona.sql +++ b/internal/db/sqltest/initdb.d/01_colors_persona.sql @@ -238,7 +238,7 @@ begin; insert into target_credential_library (target_id, credential_library_id, credential_purpose) values - ('t_________cb', 'vl______cvl', 'application'); + ('t_________cb', 'vl______cvl', 'brokered'); insert into session ( scope_id, target_id, host_set_id, host_id, user_id, auth_token_id, certificate, endpoint, public_id) diff --git a/internal/db/sqltest/initdb.d/03_widgets_persona.sql b/internal/db/sqltest/initdb.d/03_widgets_persona.sql index e5ebbc7c26..7e6e30dd92 100644 --- a/internal/db/sqltest/initdb.d/03_widgets_persona.sql +++ b/internal/db/sqltest/initdb.d/03_widgets_persona.sql @@ -375,10 +375,10 @@ begin; insert into target_credential_library (target_id, credential_library_id, credential_purpose) values - ('t_________wb', 'vl______wvl1', 'application'), - ('t_________wb', 'vl______wvl2', 'application'), - ('t_________wb', 'vl______wvl3', 'application'), - ('t_________wb', 'vl______wvl3', 'egress'); + ('t_________wb', 'vl______wvl1', 'brokered'), + ('t_________wb', 'vl______wvl2', 'brokered'), + ('t_________wb', 'vl______wvl3', 'brokered'), + ('t_________wb', 'vl______wvl3', 'injected_application'); end; $$ language plpgsql; diff --git a/internal/db/sqltest/tests/wh/credential_dimension/dimension.sql b/internal/db/sqltest/tests/wh/credential_dimension/dimension.sql index d0d9f244de..7a9326b704 100644 --- a/internal/db/sqltest/tests/wh/credential_dimension/dimension.sql +++ b/internal/db/sqltest/tests/wh/credential_dimension/dimension.sql @@ -10,7 +10,7 @@ begin; organization_id, organization_name, organization_description, current_row_indicator, row_effective_time, row_expiration_time ) values ( - 'application', + 'brokered', 'vl______wvl1', 'vault credential library', 'gidget vault library', 'None', '/secrets', 'GET', '\x4e6f6e65', 'vs_______wvs', 'vault credential store', 'widget vault store', 'None', 'default', 'https://vault.widget', 't_________wb', 'tcp target', 'Big Widget Target', 'None', 0, 28800, 1, @@ -25,7 +25,7 @@ begin; where credential_library_id = 'vl______wvl1' and credential_store_id = 'vs_______wvs' and target_id = 't_________wb' - and credential_purpose = 'application' + and credential_purpose = 'brokered' and current_row_indicator = 'Current'; insert into wh_credential_dimension ( @@ -37,7 +37,7 @@ begin; organization_id, organization_name, organization_description, current_row_indicator, row_effective_time, row_expiration_time ) values ( - 'application', + 'brokered', 'vl______wvl1', 'vault credential library', 'gidget vault library', 'None', '/secrets', 'GET', '\x4e6f6e65', 'vs_______wvs', 'vault credential store', 'widget vault store', 'None', 'default', 'https://vault.widget', 't_________wb', 'tcp target', 'Big Widget Target', 'None', 0, 28800, 1, diff --git a/internal/db/sqltest/tests/wh/credential_dimension/session_multiple_sessions.sql b/internal/db/sqltest/tests/wh/credential_dimension/session_multiple_sessions.sql index 076652e684..4efb82f04e 100644 --- a/internal/db/sqltest/tests/wh/credential_dimension/session_multiple_sessions.sql +++ b/internal/db/sqltest/tests/wh/credential_dimension/session_multiple_sessions.sql @@ -16,7 +16,7 @@ begin; insert into session_credential_dynamic ( session_id, library_id, credential_id, credential_purpose) values - ('s1____walter', 'vl______wvl1', null, 'application'); + ('s1____walter', 'vl______wvl1', null, 'brokered'); select is(count(*), 1::bigint) from wh_credential_dimension where organization_id = 'o_____widget'; -- another session with: @@ -31,7 +31,7 @@ begin; insert into session_credential_dynamic ( session_id, library_id, credential_id, credential_purpose) values - ('s2____walter', 'vl______wvl1', null, 'application'); + ('s2____walter', 'vl______wvl1', null, 'brokered'); select is(count(*), 1::bigint) from wh_credential_dimension where organization_id = 'o_____widget'; -- change the crediential for the target @@ -45,7 +45,7 @@ begin; insert into session_credential_dynamic ( session_id, library_id, credential_id, credential_purpose) values - ('s3____walter', 'vl______wvl1', null, 'application'); + ('s3____walter', 'vl______wvl1', null, 'brokered'); select is(count(*), 2::bigint) from wh_credential_dimension where organization_id = 'o_____widget'; -- start another session, should result in a one new credential dimensions @@ -56,8 +56,8 @@ begin; insert into session_credential_dynamic ( session_id, library_id, credential_id, credential_purpose) values - ('s4____walter', 'vl______wvl1', null, 'application'), - ('s4____walter', 'vl______wvl2', null, 'application'); + ('s4____walter', 'vl______wvl1', null, 'brokered'), + ('s4____walter', 'vl______wvl2', null, 'brokered'); select is(count(*), 3::bigint) from wh_credential_dimension where organization_id = 'o_____widget'; -- change the crediential again for the target @@ -71,8 +71,8 @@ begin; insert into session_credential_dynamic ( session_id, library_id, credential_id, credential_purpose) values - ('s5____walter', 'vl______wvl1', null, 'application'), - ('s5____walter', 'vl______wvl2', null, 'application'); + ('s5____walter', 'vl______wvl1', null, 'brokered'), + ('s5____walter', 'vl______wvl2', null, 'brokered'); select is(count(*), 4::bigint) from wh_credential_dimension where organization_id = 'o_____widget'; select is(count(*), 2::bigint) from wh_credential_dimension where organization_id = 'o_____widget' and current_row_indicator = 'Current'; diff --git a/internal/db/sqltest/tests/wh/credential_dimension/session_update.sql b/internal/db/sqltest/tests/wh/credential_dimension/session_update.sql index 452c0c3d23..a1504fdf61 100644 --- a/internal/db/sqltest/tests/wh/credential_dimension/session_update.sql +++ b/internal/db/sqltest/tests/wh/credential_dimension/session_update.sql @@ -16,7 +16,7 @@ begin; insert into session_credential_dynamic ( session_id, library_id, credential_id, credential_purpose) values - ('s1____walter', 'vl______wvl1', null, 'application'); + ('s1____walter', 'vl______wvl1', null, 'brokered'); select is(count(*), 1::bigint) from wh_credential_dimension where organization_id = 'o_____widget'; diff --git a/internal/db/sqltest/tests/wh/credential_dimension/three_credentials_one_change.sql b/internal/db/sqltest/tests/wh/credential_dimension/three_credentials_one_change.sql index f541335e29..df1592c187 100644 --- a/internal/db/sqltest/tests/wh/credential_dimension/three_credentials_one_change.sql +++ b/internal/db/sqltest/tests/wh/credential_dimension/three_credentials_one_change.sql @@ -20,9 +20,9 @@ begin; insert into session_credential_dynamic ( session_id, library_id, credential_id, credential_purpose) values - ('s1____walter', 'vl______wvl1', null, 'application'), - ('s1____walter', 'vl______wvl2', null, 'application'), - ('s1____walter', 'vl______wvl3', null, 'application'); + ('s1____walter', 'vl______wvl1', null, 'brokered'), + ('s1____walter', 'vl______wvl2', null, 'brokered'), + ('s1____walter', 'vl______wvl3', null, 'brokered'); select is(count(*), 3::bigint) from wh_credential_dimension where organization_id = 'o_____widget'; @@ -35,9 +35,9 @@ begin; insert into session_credential_dynamic ( session_id, library_id, credential_id, credential_purpose) values - ('s2____walter', 'vl______wvl1', null, 'application'), - ('s2____walter', 'vl______wvl2', null, 'application'), - ('s2____walter', 'vl______wvl3', null, 'application'); + ('s2____walter', 'vl______wvl1', null, 'brokered'), + ('s2____walter', 'vl______wvl2', null, 'brokered'), + ('s2____walter', 'vl______wvl3', null, 'brokered'); select is(count(*), 4::bigint) from wh_credential_dimension where organization_id = 'o_____widget'; select is(count(*), 3::bigint) from wh_credential_dimension where organization_id = 'o_____widget' and current_row_indicator = 'Current'; diff --git a/internal/db/sqltest/tests/wh/credential_dimension_views/source.sql b/internal/db/sqltest/tests/wh/credential_dimension_views/source.sql index a65dc54f56..eb951dd001 100644 --- a/internal/db/sqltest/tests/wh/credential_dimension_views/source.sql +++ b/internal/db/sqltest/tests/wh/credential_dimension_views/source.sql @@ -10,11 +10,11 @@ begin; insert into session_credential_dynamic ( session_id, library_id, credential_id, credential_purpose) values - ('s1____walter', 'vl______wvl1', null, 'application'); + ('s1____walter', 'vl______wvl1', null, 'brokered'); select is(s.*, row( 's1____walter', - 'application', -- credential_purpose, + 'brokered', -- credential_purpose, 'vl______wvl1', -- credential_library_id, 'vault credential library', -- credential_library_type, 'widget vault library', -- credential_library_name, diff --git a/internal/db/sqltest/tests/wh/credential_dimension_views/target.sql b/internal/db/sqltest/tests/wh/credential_dimension_views/target.sql index 831c665c66..67ba4bd455 100644 --- a/internal/db/sqltest/tests/wh/credential_dimension_views/target.sql +++ b/internal/db/sqltest/tests/wh/credential_dimension_views/target.sql @@ -18,7 +18,7 @@ begin; values ( 'wcd________1', - 'application', + 'brokered', 'vl_______wvl', 'vault credential library', 'widget vault library', 'None', '/secrets', 'GET', 'None', 'vs_______wvs', 'vault credential store', 'widget vault store', 'None', 'blue', 'https://vault.widget', 't_________wb', 'tcp target', 'Big Widget Target', 'None', 0, 28800, 1, @@ -29,7 +29,7 @@ begin; select is(t.*, row( 'wcd________1', - 'application', + 'brokered', 'vl_______wvl', 'vault credential library', 'widget vault library', 'None', '/secrets', 'GET', 'None', 'vs_______wvs', 'vault credential store', 'widget vault store', 'None', 'blue', 'https://vault.widget', 't_________wb', 'tcp target', 'Big Widget Target', 'None', 0, 28800, 1, diff --git a/internal/db/sqltest/tests/wh/session_credential_dynamic/insert.sql b/internal/db/sqltest/tests/wh/session_credential_dynamic/insert.sql index b499affc41..d9952caab0 100644 --- a/internal/db/sqltest/tests/wh/session_credential_dynamic/insert.sql +++ b/internal/db/sqltest/tests/wh/session_credential_dynamic/insert.sql @@ -17,7 +17,7 @@ begin; insert into session_credential_dynamic ( session_id, library_id, credential_id, credential_purpose) values - ('s1____walter', 'vl______wvl1', null, 'application'); + ('s1____walter', 'vl______wvl1', null, 'brokered'); select is(count(*), 1::bigint) from wh_credential_dimension where organization_id = 'o_____widget'; select is(count(*), 1::bigint) from wh_credential_group_membership where credential_group_key != 'no credentials' and credential_group_key != 'Unknown'; diff --git a/internal/db/sqltest/tests/wh/session_credential_dynamic/insert_multiple.sql b/internal/db/sqltest/tests/wh/session_credential_dynamic/insert_multiple.sql index aaa5c269a7..5df47cf686 100644 --- a/internal/db/sqltest/tests/wh/session_credential_dynamic/insert_multiple.sql +++ b/internal/db/sqltest/tests/wh/session_credential_dynamic/insert_multiple.sql @@ -16,10 +16,10 @@ begin; insert into session_credential_dynamic ( session_id, library_id, credential_id, credential_purpose) values - ('s1____walter', 'vl______wvl1', null, 'application'), - ('s1____walter', 'vl______wvl2', null, 'application'), - ('s1____walter', 'vl______wvl3', null, 'application'), - ('s1____walter', 'vl______wvl3', null, 'egress'); + ('s1____walter', 'vl______wvl1', null, 'brokered'), + ('s1____walter', 'vl______wvl2', null, 'brokered'), + ('s1____walter', 'vl______wvl3', null, 'brokered'), + ('s1____walter', 'vl______wvl3', null, 'injected_application'); select is(count(*), 4::bigint) from wh_credential_dimension where organization_id = 'o_____widget'; select is(count(*), 4::bigint) from wh_credential_group_membership where credential_group_key != 'no credentials' and credential_group_key != 'Unknown'; diff --git a/internal/gen/controller.swagger.json b/internal/gen/controller.swagger.json index 56ff7ed031..f73ef31c4a 100644 --- a/internal/gen/controller.swagger.json +++ b/internal/gen/controller.swagger.json @@ -2930,13 +2930,22 @@ "type": "array", "items": { "type": "string" - } + }, + "title": "Deprecated use brokered_credential_source_ids instead" }, - "egress_credential_source_ids": { + "brokered_credential_source_ids": { "type": "array", "items": { "type": "string" - } + }, + "description": "Brokered credentials are returned to the user during session authorization." + }, + "injected_application_credential_source_ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Injected application credentials are used by a Boundary worker to secure the\nconnection between the worker and the endpoint. Injected application credentials are\nnever returned to the user." } } } @@ -3126,13 +3135,22 @@ "type": "array", "items": { "type": "string" - } + }, + "title": "Deprecated use brokered_credential_source_ids instead" }, - "egress_credential_source_ids": { + "brokered_credential_source_ids": { "type": "array", "items": { "type": "string" - } + }, + "description": "Brokered credentials are returned to the user during session authorization." + }, + "injected_application_credential_source_ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Injected application credentials are used by a Boundary worker to secure the\nconnection between the worker and the endpoint. Injected application credentials are\nnever returned to the user." } } } @@ -3270,13 +3288,22 @@ "type": "array", "items": { "type": "string" - } + }, + "title": "Deprecated use brokered_credential_source_ids instead" }, - "egress_credential_source_ids": { + "brokered_credential_source_ids": { "type": "array", "items": { "type": "string" - } + }, + "description": "Brokered credentials are returned to the user during session authorization." + }, + "injected_application_credential_source_ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Injected application credentials are used by a Boundary worker to secure the\nconnection between the worker and the endpoint. Injected application credentials are\nnever returned to the user." } }, "description": "Sets the values for credential sources. Any credential_source_id field that\nis not set in the request will result in those fields being cleared." @@ -5522,7 +5549,7 @@ "items": { "type": "string" }, - "description": "Output only. The IDs of the application credential source ids associated with this Target.", + "description": "Output only. The IDs of the application credential source ids associated with this Target.\nDeprecated use \"brokered_credential_source_ids\" instead.", "readOnly": true }, "application_credential_sources": { @@ -5530,23 +5557,39 @@ "items": { "$ref": "#/definitions/controller.api.resources.targets.v1.CredentialSource" }, - "description": "Output only. The application credential sources associated with this Target.", + "description": "Output only. The application credential sources associated with this Target.\nDeprecated use \"brokered_credential_sources\" instead.", + "readOnly": true + }, + "brokered_credential_source_ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Output only. The IDs of the brokered credential source ids associated with this Target.", + "readOnly": true + }, + "brokered_credential_sources": { + "type": "array", + "items": { + "$ref": "#/definitions/controller.api.resources.targets.v1.CredentialSource" + }, + "description": "Output only. The brokered credential sources associated with this Target.", "readOnly": true }, - "egress_credential_source_ids": { + "injected_application_credential_source_ids": { "type": "array", "items": { "type": "string" }, - "description": "Output only. The IDs of the egress credential source ids associated with this Target.", + "description": "Output only. The IDs of the injected application credential source ids associated with this Target.", "readOnly": true }, - "egress_credential_sources": { + "injected_application_credential_sources": { "type": "array", "items": { "$ref": "#/definitions/controller.api.resources.targets.v1.CredentialSource" }, - "description": "Output only. The egress credential sources associated with this Target.", + "description": "Output only. The injected application credential sources associated with this Target.", "readOnly": true }, "attributes": { diff --git a/internal/gen/controller/api/services/target_service.pb.go b/internal/gen/controller/api/services/target_service.pb.go index bbb76af3df..7e8ef71e0a 100644 --- a/internal/gen/controller/api/services/target_service.pb.go +++ b/internal/gen/controller/api/services/target_service.pb.go @@ -1206,9 +1206,17 @@ type AddTargetCredentialSourcesRequest struct { Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"` // Version is used to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. - Version uint32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty" class:"public"` // @gotags: `class:"public"` + Version uint32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty" class:"public"` // @gotags: `class:"public"` + // Deprecated use brokered_credential_source_ids instead + // + // Deprecated: Do not use. ApplicationCredentialSourceIds []string `protobuf:"bytes,3,rep,name=application_credential_source_ids,proto3" json:"application_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"` - EgressCredentialSourceIds []string `protobuf:"bytes,4,rep,name=egress_credential_source_ids,proto3" json:"egress_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"` + // Brokered credentials are returned to the user during session authorization. + BrokeredCredentialSourceIds []string `protobuf:"bytes,10,rep,name=brokered_credential_source_ids,proto3" json:"brokered_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"` + // Injected application credentials are used by a Boundary worker to secure the + // connection between the worker and the endpoint. Injected application credentials are + // never returned to the user. + InjectedApplicationCredentialSourceIds []string `protobuf:"bytes,20,rep,name=injected_application_credential_source_ids,proto3" json:"injected_application_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"` } func (x *AddTargetCredentialSourcesRequest) Reset() { @@ -1257,6 +1265,7 @@ func (x *AddTargetCredentialSourcesRequest) GetVersion() uint32 { return 0 } +// Deprecated: Do not use. func (x *AddTargetCredentialSourcesRequest) GetApplicationCredentialSourceIds() []string { if x != nil { return x.ApplicationCredentialSourceIds @@ -1264,9 +1273,16 @@ func (x *AddTargetCredentialSourcesRequest) GetApplicationCredentialSourceIds() return nil } -func (x *AddTargetCredentialSourcesRequest) GetEgressCredentialSourceIds() []string { +func (x *AddTargetCredentialSourcesRequest) GetBrokeredCredentialSourceIds() []string { if x != nil { - return x.EgressCredentialSourceIds + return x.BrokeredCredentialSourceIds + } + return nil +} + +func (x *AddTargetCredentialSourcesRequest) GetInjectedApplicationCredentialSourceIds() []string { + if x != nil { + return x.InjectedApplicationCredentialSourceIds } return nil } @@ -1328,9 +1344,17 @@ type SetTargetCredentialSourcesRequest struct { Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"` // Version is used to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. - Version uint32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty" class:"public"` // @gotags: `class:"public"` + Version uint32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty" class:"public"` // @gotags: `class:"public"` + // Deprecated use brokered_credential_source_ids instead + // + // Deprecated: Do not use. ApplicationCredentialSourceIds []string `protobuf:"bytes,3,rep,name=application_credential_source_ids,proto3" json:"application_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"` - EgressCredentialSourceIds []string `protobuf:"bytes,4,rep,name=egress_credential_source_ids,proto3" json:"egress_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"` + // Brokered credentials are returned to the user during session authorization. + BrokeredCredentialSourceIds []string `protobuf:"bytes,10,rep,name=brokered_credential_source_ids,proto3" json:"brokered_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"` + // Injected application credentials are used by a Boundary worker to secure the + // connection between the worker and the endpoint. Injected application credentials are + // never returned to the user. + InjectedApplicationCredentialSourceIds []string `protobuf:"bytes,20,rep,name=injected_application_credential_source_ids,proto3" json:"injected_application_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"` } func (x *SetTargetCredentialSourcesRequest) Reset() { @@ -1379,6 +1403,7 @@ func (x *SetTargetCredentialSourcesRequest) GetVersion() uint32 { return 0 } +// Deprecated: Do not use. func (x *SetTargetCredentialSourcesRequest) GetApplicationCredentialSourceIds() []string { if x != nil { return x.ApplicationCredentialSourceIds @@ -1386,9 +1411,16 @@ func (x *SetTargetCredentialSourcesRequest) GetApplicationCredentialSourceIds() return nil } -func (x *SetTargetCredentialSourcesRequest) GetEgressCredentialSourceIds() []string { +func (x *SetTargetCredentialSourcesRequest) GetBrokeredCredentialSourceIds() []string { if x != nil { - return x.EgressCredentialSourceIds + return x.BrokeredCredentialSourceIds + } + return nil +} + +func (x *SetTargetCredentialSourcesRequest) GetInjectedApplicationCredentialSourceIds() []string { + if x != nil { + return x.InjectedApplicationCredentialSourceIds } return nil } @@ -1448,9 +1480,17 @@ type RemoveTargetCredentialSourcesRequest struct { Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"` // Version is used to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. - Version uint32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty" class:"public"` // @gotags: `class:"public"` + Version uint32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty" class:"public"` // @gotags: `class:"public"` + // Deprecated use brokered_credential_source_ids instead + // + // Deprecated: Do not use. ApplicationCredentialSourceIds []string `protobuf:"bytes,3,rep,name=application_credential_source_ids,json=application_credential_source_id,proto3" json:"application_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"` - EgressCredentialSourceIds []string `protobuf:"bytes,4,rep,name=egress_credential_source_ids,proto3" json:"egress_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"` + // Brokered credentials are returned to the user during session authorization. + BrokeredCredentialSourceIds []string `protobuf:"bytes,10,rep,name=brokered_credential_source_ids,proto3" json:"brokered_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"` + // Injected application credentials are used by a Boundary worker to secure the + // connection between the worker and the endpoint. Injected application credentials are + // never returned to the user. + InjectedApplicationCredentialSourceIds []string `protobuf:"bytes,20,rep,name=injected_application_credential_source_ids,proto3" json:"injected_application_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"` } func (x *RemoveTargetCredentialSourcesRequest) Reset() { @@ -1499,6 +1539,7 @@ func (x *RemoveTargetCredentialSourcesRequest) GetVersion() uint32 { return 0 } +// Deprecated: Do not use. func (x *RemoveTargetCredentialSourcesRequest) GetApplicationCredentialSourceIds() []string { if x != nil { return x.ApplicationCredentialSourceIds @@ -1506,9 +1547,16 @@ func (x *RemoveTargetCredentialSourcesRequest) GetApplicationCredentialSourceIds return nil } -func (x *RemoveTargetCredentialSourcesRequest) GetEgressCredentialSourceIds() []string { +func (x *RemoveTargetCredentialSourcesRequest) GetBrokeredCredentialSourceIds() []string { if x != nil { - return x.EgressCredentialSourceIds + return x.BrokeredCredentialSourceIds + } + return nil +} + +func (x *RemoveTargetCredentialSourcesRequest) GetInjectedApplicationCredentialSourceIds() []string { + if x != nil { + return x.InjectedApplicationCredentialSourceIds } return nil } @@ -1841,295 +1889,321 @@ var file_controller_api_services_v1_target_service_proto_rawDesc = []byte{ 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, - 0x65, 0x74, 0x52, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x22, 0xdf, 0x01, 0x0a, 0x21, 0x41, 0x64, 0x64, + 0x65, 0x74, 0x52, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x22, 0xeb, 0x02, 0x0a, 0x21, 0x41, 0x64, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x4c, 0x0a, 0x21, 0x61, 0x70, 0x70, 0x6c, + 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a, 0x21, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x03, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x21, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x12, 0x42, 0x0a, 0x1c, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, - 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x1c, 0x65, 0x67, - 0x72, 0x65, 0x73, 0x73, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x22, 0x65, 0x0a, 0x22, 0x41, 0x64, - 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, - 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x3f, 0x0a, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, - 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, - 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x04, 0x69, 0x74, 0x65, - 0x6d, 0x22, 0xdf, 0x01, 0x0a, 0x21, 0x53, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, - 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, - 0x6e, 0x12, 0x4c, 0x0a, 0x21, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x03, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x21, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x12, 0x46, 0x0a, 0x1e, 0x62, 0x72, + 0x6f, 0x6b, 0x65, 0x72, 0x65, 0x64, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, + 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x0a, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x1e, 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x65, 0x64, 0x5f, 0x63, 0x72, 0x65, + 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, + 0x64, 0x73, 0x12, 0x5e, 0x0a, 0x2a, 0x69, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x65, 0x64, 0x5f, 0x61, + 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, + 0x18, 0x14, 0x20, 0x03, 0x28, 0x09, 0x52, 0x2a, 0x69, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x65, 0x64, + 0x5f, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, + 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, + 0x64, 0x73, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x52, 0x1c, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x21, 0x61, 0x70, - 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x12, - 0x42, 0x0a, 0x1c, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x18, - 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x1c, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x63, 0x72, - 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, - 0x69, 0x64, 0x73, 0x22, 0x65, 0x0a, 0x22, 0x53, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, - 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x04, 0x69, 0x74, 0x65, - 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, - 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, - 0x72, 0x67, 0x65, 0x74, 0x52, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x22, 0xe1, 0x01, 0x0a, 0x24, 0x52, - 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, + 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x22, 0x65, 0x0a, 0x22, 0x41, 0x64, 0x64, 0x54, 0x61, 0x72, + 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x04, + 0x69, 0x74, 0x65, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x63, 0x6f, 0x6e, + 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, 0x76, 0x31, + 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x22, 0xeb, 0x02, + 0x0a, 0x21, 0x53, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x4b, 0x0a, + 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a, 0x21, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, - 0x64, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x20, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, - 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x12, 0x42, 0x0a, 0x1c, 0x65, 0x67, - 0x72, 0x65, 0x73, 0x73, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x1c, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, - 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x22, 0x68, - 0x0a, 0x25, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, - 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, - 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, - 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, - 0x65, 0x74, 0x52, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x22, 0x91, 0x01, 0x0a, 0x17, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x63, 0x6f, 0x70, - 0x65, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x63, 0x6f, 0x70, - 0x65, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x5f, 0x6e, 0x61, 0x6d, - 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x4e, 0x61, - 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x69, 0x64, 0x22, 0x69, 0x0a, 0x18, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4d, 0x0a, 0x04, 0x69, 0x74, 0x65, 0x6d, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, - 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x73, - 0x73, 0x69, 0x6f, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x52, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x32, 0xb7, 0x19, 0x0a, 0x0d, 0x54, 0x61, 0x72, 0x67, - 0x65, 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0xa2, 0x01, 0x0a, 0x09, 0x47, 0x65, - 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x2c, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, - 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, - 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, - 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x38, 0x92, 0x41, 0x17, 0x12, 0x15, 0x47, 0x65, 0x74, 0x73, 0x20, - 0x61, 0x20, 0x73, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, - 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x18, 0x12, 0x10, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, - 0x65, 0x74, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x12, 0x9a, - 0x01, 0x0a, 0x0b, 0x4c, 0x69, 0x73, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x12, 0x2e, - 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, - 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, - 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, - 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, - 0x2a, 0x92, 0x41, 0x14, 0x12, 0x12, 0x4c, 0x69, 0x73, 0x74, 0x73, 0x20, 0x61, 0x6c, 0x6c, 0x20, - 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x0d, 0x12, 0x0b, - 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x12, 0xaf, 0x01, 0x0a, 0x0c, - 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x2f, 0x2e, 0x63, - 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, - 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x30, 0x2e, - 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, - 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, - 0x3c, 0x92, 0x41, 0x1a, 0x12, 0x18, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x73, 0x20, 0x61, 0x20, - 0x73, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, - 0xe4, 0x93, 0x02, 0x19, 0x22, 0x0b, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, - 0x73, 0x3a, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x12, 0xad, 0x01, - 0x0a, 0x0c, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x2f, - 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, - 0x74, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x30, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x22, 0x3a, 0x92, 0x41, 0x13, 0x12, 0x11, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x73, 0x20, - 0x61, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1e, 0x32, - 0x10, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2f, 0x7b, 0x69, 0x64, - 0x7d, 0x3a, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x12, 0xa1, 0x01, - 0x0a, 0x0c, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x2f, - 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, - 0x74, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x30, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, - 0x65, 0x74, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x22, 0x2e, 0x92, 0x41, 0x13, 0x12, 0x11, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x73, 0x20, - 0x61, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x12, 0x2a, - 0x10, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2f, 0x7b, 0x69, 0x64, - 0x7d, 0x12, 0xcc, 0x01, 0x0a, 0x10, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x53, - 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x33, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, - 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, - 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x53, 0x65, 0x73, - 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x34, 0x2e, 0x63, 0x6f, + 0x64, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x21, 0x61, 0x70, + 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, + 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x12, + 0x46, 0x0a, 0x1e, 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x65, 0x64, 0x5f, 0x63, 0x72, 0x65, 0x64, + 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, + 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x1e, 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x65, + 0x64, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x12, 0x5e, 0x0a, 0x2a, 0x69, 0x6e, 0x6a, 0x65, 0x63, + 0x74, 0x65, 0x64, 0x5f, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, + 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x14, 0x20, 0x03, 0x28, 0x09, 0x52, 0x2a, 0x69, 0x6e, 0x6a, + 0x65, 0x63, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x52, 0x1c, 0x65, + 0x67, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, + 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x22, 0x65, 0x0a, 0x22, 0x53, + 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x12, 0x3f, 0x0a, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x2b, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, + 0x74, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x04, 0x69, 0x74, + 0x65, 0x6d, 0x22, 0xed, 0x02, 0x0a, 0x24, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, + 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x76, + 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x76, 0x65, + 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x4f, 0x0a, 0x21, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, + 0x42, 0x02, 0x18, 0x01, 0x52, 0x20, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x12, 0x46, 0x0a, 0x1e, 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x72, + 0x65, 0x64, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x1e, + 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x65, 0x64, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, + 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x12, 0x5e, + 0x0a, 0x2a, 0x69, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x70, 0x70, 0x6c, 0x69, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, + 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x14, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x2a, 0x69, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x70, 0x70, + 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, + 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x4a, 0x04, + 0x08, 0x04, 0x10, 0x05, 0x52, 0x1c, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x63, 0x72, 0x65, + 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, + 0x64, 0x73, 0x22, 0x68, 0x0a, 0x25, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, + 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x04, 0x69, + 0x74, 0x65, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x63, 0x6f, 0x6e, 0x74, + 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, 0x76, 0x31, 0x2e, + 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x22, 0x91, 0x01, 0x0a, + 0x17, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, + 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x19, 0x0a, 0x08, + 0x73, 0x63, 0x6f, 0x70, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, + 0x73, 0x63, 0x6f, 0x70, 0x65, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x63, 0x6f, 0x70, 0x65, + 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x63, 0x6f, + 0x70, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x69, + 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x69, 0x64, + 0x22, 0x69, 0x0a, 0x18, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x53, 0x65, 0x73, + 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4d, 0x0a, 0x04, + 0x69, 0x74, 0x65, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x63, 0x6f, 0x6e, + 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, 0x76, 0x31, + 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x32, 0xb7, 0x19, 0x0a, 0x0d, + 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0xa2, 0x01, + 0x0a, 0x09, 0x47, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x2c, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x65, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x22, 0x4d, 0x92, 0x41, 0x17, 0x12, 0x15, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, - 0x65, 0x73, 0x20, 0x61, 0x20, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x2e, 0x82, 0xd3, 0xe4, - 0x93, 0x02, 0x2d, 0x22, 0x22, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, - 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x2d, - 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x3a, 0x01, 0x2a, 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, - 0x12, 0xda, 0x01, 0x0a, 0x11, 0x41, 0x64, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, - 0x73, 0x74, 0x53, 0x65, 0x74, 0x73, 0x12, 0x34, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, - 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, - 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x64, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, - 0x74, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x35, 0x2e, 0x63, - 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x64, 0x64, 0x54, 0x61, 0x72, - 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x22, 0x58, 0x92, 0x41, 0x26, 0x12, 0x24, 0x41, 0x64, 0x64, 0x73, 0x20, 0x65, - 0x78, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x48, 0x6f, 0x73, 0x74, 0x20, 0x53, 0x65, 0x74, - 0x73, 0x20, 0x74, 0x6f, 0x20, 0x61, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, - 0xe4, 0x93, 0x02, 0x29, 0x22, 0x1e, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, - 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x61, 0x64, 0x64, 0x2d, 0x68, 0x6f, 0x73, 0x74, 0x2d, - 0x73, 0x65, 0x74, 0x73, 0x3a, 0x01, 0x2a, 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x12, 0xd7, 0x01, - 0x0a, 0x11, 0x53, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, - 0x65, 0x74, 0x73, 0x12, 0x34, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, - 0x2e, 0x53, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, - 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x35, 0x2e, 0x63, 0x6f, 0x6e, 0x74, + 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, + 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, - 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x22, 0x55, 0x92, 0x41, 0x23, 0x12, 0x21, 0x53, 0x65, 0x74, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, - 0x48, 0x6f, 0x73, 0x74, 0x20, 0x53, 0x65, 0x74, 0x73, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, - 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x29, 0x22, 0x1e, - 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, - 0x3a, 0x73, 0x65, 0x74, 0x2d, 0x68, 0x6f, 0x73, 0x74, 0x2d, 0x73, 0x65, 0x74, 0x73, 0x3a, 0x01, - 0x2a, 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x12, 0xe4, 0x01, 0x0a, 0x14, 0x52, 0x65, 0x6d, 0x6f, - 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, 0x74, 0x73, - 0x12, 0x37, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, - 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, - 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x38, 0x2e, 0x63, 0x6f, 0x6e, 0x74, - 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, - 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x22, 0x59, 0x92, 0x41, 0x24, 0x12, 0x22, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, - 0x73, 0x20, 0x48, 0x6f, 0x73, 0x74, 0x20, 0x53, 0x65, 0x74, 0x73, 0x20, 0x66, 0x72, 0x6f, 0x6d, + 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x38, 0x92, 0x41, 0x17, 0x12, 0x15, 0x47, + 0x65, 0x74, 0x73, 0x20, 0x61, 0x20, 0x73, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x20, 0x54, 0x61, 0x72, + 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x18, 0x12, 0x10, 0x2f, 0x76, 0x31, 0x2f, + 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x62, 0x04, 0x69, 0x74, + 0x65, 0x6d, 0x12, 0x9a, 0x01, 0x0a, 0x0b, 0x4c, 0x69, 0x73, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, + 0x74, 0x73, 0x12, 0x2e, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, + 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, + 0x4c, 0x69, 0x73, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, + 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, + 0x4c, 0x69, 0x73, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x22, 0x2a, 0x92, 0x41, 0x14, 0x12, 0x12, 0x4c, 0x69, 0x73, 0x74, 0x73, 0x20, + 0x61, 0x6c, 0x6c, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, 0x82, 0xd3, 0xe4, 0x93, + 0x02, 0x0d, 0x12, 0x0b, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x12, + 0xaf, 0x01, 0x0a, 0x0c, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, + 0x12, 0x2f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, + 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, + 0x65, 0x61, 0x74, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x30, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, + 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, + 0x72, 0x65, 0x61, 0x74, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x22, 0x3c, 0x92, 0x41, 0x1a, 0x12, 0x18, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x73, 0x20, 0x61, 0x20, 0x73, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, + 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x19, 0x22, 0x0b, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, + 0x72, 0x67, 0x65, 0x74, 0x73, 0x3a, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x62, 0x04, 0x69, 0x74, 0x65, + 0x6d, 0x12, 0xad, 0x01, 0x0a, 0x0c, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x54, 0x61, 0x72, 0x67, + 0x65, 0x74, 0x12, 0x2f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, + 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, + 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x30, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, + 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, + 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3a, 0x92, 0x41, 0x13, 0x12, 0x11, 0x55, 0x70, 0x64, 0x61, + 0x74, 0x65, 0x73, 0x20, 0x61, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, 0xe4, + 0x93, 0x02, 0x1e, 0x32, 0x10, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, + 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x62, 0x04, 0x69, 0x74, 0x65, + 0x6d, 0x12, 0xa1, 0x01, 0x0a, 0x0c, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x54, 0x61, 0x72, 0x67, + 0x65, 0x74, 0x12, 0x2f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, + 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, + 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x30, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, + 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, + 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x2e, 0x92, 0x41, 0x13, 0x12, 0x11, 0x44, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x73, 0x20, 0x61, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, 0xe4, + 0x93, 0x02, 0x12, 0x2a, 0x10, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, + 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x12, 0xcc, 0x01, 0x0a, 0x10, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x7a, 0x65, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x33, 0x2e, 0x63, 0x6f, 0x6e, + 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, + 0x65, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x34, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x4d, 0x92, 0x41, 0x17, 0x12, 0x15, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x73, 0x20, 0x61, 0x20, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, + 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x2d, 0x22, 0x22, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, + 0x67, 0x65, 0x74, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x7a, 0x65, 0x2d, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x3a, 0x01, 0x2a, 0x62, 0x04, + 0x69, 0x74, 0x65, 0x6d, 0x12, 0xda, 0x01, 0x0a, 0x11, 0x41, 0x64, 0x64, 0x54, 0x61, 0x72, 0x67, + 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, 0x74, 0x73, 0x12, 0x34, 0x2e, 0x63, 0x6f, 0x6e, + 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x64, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, + 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x35, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, + 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x64, + 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, 0x74, 0x73, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x58, 0x92, 0x41, 0x26, 0x12, 0x24, 0x41, 0x64, + 0x64, 0x73, 0x20, 0x65, 0x78, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x48, 0x6f, 0x73, 0x74, + 0x20, 0x53, 0x65, 0x74, 0x73, 0x20, 0x74, 0x6f, 0x20, 0x61, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, + 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x29, 0x22, 0x1e, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, + 0x72, 0x67, 0x65, 0x74, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x61, 0x64, 0x64, 0x2d, 0x68, + 0x6f, 0x73, 0x74, 0x2d, 0x73, 0x65, 0x74, 0x73, 0x3a, 0x01, 0x2a, 0x62, 0x04, 0x69, 0x74, 0x65, + 0x6d, 0x12, 0xd7, 0x01, 0x0a, 0x11, 0x53, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, + 0x6f, 0x73, 0x74, 0x53, 0x65, 0x74, 0x73, 0x12, 0x34, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, + 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, + 0x73, 0x74, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x35, 0x2e, + 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x74, 0x54, 0x61, + 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x55, 0x92, 0x41, 0x23, 0x12, 0x21, 0x53, 0x65, 0x74, 0x73, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x48, 0x6f, 0x73, 0x74, 0x20, 0x53, 0x65, 0x74, 0x73, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, + 0x02, 0x29, 0x22, 0x1e, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2f, + 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x73, 0x65, 0x74, 0x2d, 0x68, 0x6f, 0x73, 0x74, 0x2d, 0x73, 0x65, + 0x74, 0x73, 0x3a, 0x01, 0x2a, 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x12, 0xe4, 0x01, 0x0a, 0x14, + 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, + 0x53, 0x65, 0x74, 0x73, 0x12, 0x37, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, + 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, + 0x31, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, + 0x73, 0x74, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x38, 0x2e, + 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, + 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, 0x74, 0x73, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x59, 0x92, 0x41, 0x24, 0x12, 0x22, 0x52, 0x65, + 0x6d, 0x6f, 0x76, 0x65, 0x73, 0x20, 0x48, 0x6f, 0x73, 0x74, 0x20, 0x53, 0x65, 0x74, 0x73, 0x20, + 0x66, 0x72, 0x6f, 0x6d, 0x20, 0x74, 0x68, 0x65, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, + 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x2c, 0x22, 0x21, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, + 0x65, 0x74, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x2d, + 0x68, 0x6f, 0x73, 0x74, 0x2d, 0x73, 0x65, 0x74, 0x73, 0x3a, 0x01, 0x2a, 0x62, 0x04, 0x69, 0x74, + 0x65, 0x6d, 0x12, 0xe9, 0x01, 0x0a, 0x14, 0x41, 0x64, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, + 0x48, 0x6f, 0x73, 0x74, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x37, 0x2e, 0x63, 0x6f, + 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x64, 0x64, 0x54, 0x61, 0x72, 0x67, + 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x38, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, + 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, + 0x31, 0x2e, 0x41, 0x64, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x5e, + 0x92, 0x41, 0x29, 0x12, 0x27, 0x41, 0x64, 0x64, 0x73, 0x20, 0x65, 0x78, 0x69, 0x73, 0x74, 0x69, + 0x6e, 0x67, 0x20, 0x48, 0x6f, 0x73, 0x74, 0x20, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x20, + 0x74, 0x6f, 0x20, 0x61, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x2c, 0x22, 0x21, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2f, - 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x2d, 0x68, 0x6f, 0x73, 0x74, - 0x2d, 0x73, 0x65, 0x74, 0x73, 0x3a, 0x01, 0x2a, 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x12, 0xe9, - 0x01, 0x0a, 0x14, 0x41, 0x64, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, + 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x61, 0x64, 0x64, 0x2d, 0x68, 0x6f, 0x73, 0x74, 0x2d, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x73, 0x3a, 0x01, 0x2a, 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x12, 0xe9, + 0x01, 0x0a, 0x14, 0x53, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x37, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x64, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, + 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x38, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x64, - 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x6f, 0x75, 0x72, 0x63, + 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, + 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x5e, 0x92, 0x41, 0x29, 0x12, - 0x27, 0x41, 0x64, 0x64, 0x73, 0x20, 0x65, 0x78, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x48, - 0x6f, 0x73, 0x74, 0x20, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x20, 0x74, 0x6f, 0x20, 0x61, + 0x27, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, 0x48, 0x6f, 0x73, + 0x74, 0x20, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x2c, 0x22, 0x21, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, - 0x3a, 0x61, 0x64, 0x64, 0x2d, 0x68, 0x6f, 0x73, 0x74, 0x2d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x73, 0x3a, 0x01, 0x2a, 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x12, 0xe9, 0x01, 0x0a, 0x14, 0x53, - 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x73, 0x12, 0x37, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, - 0x2e, 0x53, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x38, 0x2e, 0x63, - 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x74, 0x54, 0x61, 0x72, - 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x5e, 0x92, 0x41, 0x29, 0x12, 0x27, 0x53, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, 0x48, 0x6f, 0x73, 0x74, 0x20, 0x53, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x73, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x54, 0x61, 0x72, - 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x2c, 0x22, 0x21, 0x2f, 0x76, 0x31, 0x2f, - 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x73, 0x65, 0x74, - 0x2d, 0x68, 0x6f, 0x73, 0x74, 0x2d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x3a, 0x01, 0x2a, - 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x12, 0xf3, 0x01, 0x0a, 0x17, 0x52, 0x65, 0x6d, 0x6f, 0x76, - 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x73, 0x12, 0x3a, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, + 0x3a, 0x73, 0x65, 0x74, 0x2d, 0x68, 0x6f, 0x73, 0x74, 0x2d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x73, 0x3a, 0x01, 0x2a, 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x12, 0xf3, 0x01, 0x0a, 0x17, 0x52, + 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x3a, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, + 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, + 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, + 0x48, 0x6f, 0x73, 0x74, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x3b, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, - 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3b, + 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x5f, 0x92, 0x41, 0x27, 0x12, 0x25, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x73, 0x20, 0x48, 0x6f, + 0x73, 0x74, 0x20, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x20, 0x66, 0x72, 0x6f, 0x6d, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, + 0x2f, 0x22, 0x24, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2f, 0x7b, + 0x69, 0x64, 0x7d, 0x3a, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x2d, 0x68, 0x6f, 0x73, 0x74, 0x2d, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x3a, 0x01, 0x2a, 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, + 0x12, 0x87, 0x02, 0x0a, 0x1a, 0x41, 0x64, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, + 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, + 0x3d, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x64, 0x64, + 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, + 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3e, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6d, 0x6f, - 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x5f, 0x92, 0x41, 0x27, - 0x12, 0x25, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x73, 0x20, 0x48, 0x6f, 0x73, 0x74, 0x20, 0x53, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x20, 0x66, 0x72, 0x6f, 0x6d, 0x20, 0x74, 0x68, 0x65, 0x20, - 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x2f, 0x22, 0x24, 0x2f, - 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x3a, - 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x2d, 0x68, 0x6f, 0x73, 0x74, 0x2d, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x73, 0x3a, 0x01, 0x2a, 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x12, 0x87, 0x02, 0x0a, - 0x1a, 0x41, 0x64, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x3d, 0x2e, 0x63, 0x6f, - 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x64, 0x64, 0x54, 0x61, 0x72, 0x67, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x64, 0x64, 0x54, + 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x6a, + 0x92, 0x41, 0x2f, 0x12, 0x2d, 0x41, 0x64, 0x64, 0x73, 0x20, 0x65, 0x78, 0x69, 0x73, 0x74, 0x69, + 0x6e, 0x67, 0x20, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x20, 0x53, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x73, 0x20, 0x74, 0x6f, 0x20, 0x61, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, + 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x32, 0x22, 0x27, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, + 0x72, 0x67, 0x65, 0x74, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x61, 0x64, 0x64, 0x2d, 0x63, + 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x2d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x73, 0x3a, 0x01, 0x2a, 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x12, 0x84, 0x02, 0x0a, 0x1a, 0x53, + 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x3d, 0x2e, 0x63, 0x6f, 0x6e, 0x74, + 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, + 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3e, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, + 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, + 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x67, 0x92, 0x41, 0x2c, 0x12, 0x2a, 0x53, + 0x65, 0x74, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x61, 0x6c, 0x20, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x32, 0x22, + 0x27, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2f, 0x7b, 0x69, 0x64, + 0x7d, 0x3a, 0x73, 0x65, 0x74, 0x2d, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, + 0x2d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x3a, 0x01, 0x2a, 0x62, 0x04, 0x69, 0x74, 0x65, + 0x6d, 0x12, 0x91, 0x02, 0x0a, 0x1d, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3e, 0x2e, 0x63, 0x6f, 0x6e, - 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x64, 0x64, 0x54, 0x61, 0x72, 0x67, 0x65, - 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x6a, 0x92, 0x41, 0x2f, 0x12, - 0x2d, 0x41, 0x64, 0x64, 0x73, 0x20, 0x65, 0x78, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x43, - 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x20, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x73, 0x20, 0x74, 0x6f, 0x20, 0x61, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, - 0xe4, 0x93, 0x02, 0x32, 0x22, 0x27, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, - 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x61, 0x64, 0x64, 0x2d, 0x63, 0x72, 0x65, 0x64, 0x65, - 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x2d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x3a, 0x01, 0x2a, - 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x12, 0x84, 0x02, 0x0a, 0x1a, 0x53, 0x65, 0x74, 0x54, 0x61, - 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x3d, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, + 0x63, 0x65, 0x73, 0x12, 0x40, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, + 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, + 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, + 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x41, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, - 0x76, 0x31, 0x2e, 0x53, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3e, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, - 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, - 0x31, 0x2e, 0x53, 0x65, 0x74, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, - 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x67, 0x92, 0x41, 0x2c, 0x12, 0x2a, 0x53, 0x65, 0x74, 0x73, 0x20, - 0x74, 0x68, 0x65, 0x20, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x20, 0x53, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x54, 0x61, - 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x32, 0x22, 0x27, 0x2f, 0x76, 0x31, - 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x73, 0x65, - 0x74, 0x2d, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x2d, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x73, 0x3a, 0x01, 0x2a, 0x62, 0x04, 0x69, 0x74, 0x65, 0x6d, 0x12, 0x91, 0x02, - 0x0a, 0x1d, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, - 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, - 0x40, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6d, - 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, - 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x41, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x52, - 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, - 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x6b, 0x92, 0x41, 0x2d, 0x12, 0x2b, 0x52, 0x65, 0x6d, 0x6f, 0x76, - 0x65, 0x73, 0x20, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x20, 0x53, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x73, 0x20, 0x66, 0x72, 0x6f, 0x6d, 0x20, 0x74, 0x68, 0x65, 0x20, 0x54, - 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x35, 0x22, 0x2a, 0x2f, 0x76, - 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2f, 0x7b, 0x69, 0x64, 0x7d, 0x3a, 0x72, - 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x2d, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, - 0x2d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x3a, 0x01, 0x2a, 0x62, 0x04, 0x69, 0x74, 0x65, - 0x6d, 0x42, 0x57, 0x5a, 0x4b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, - 0x72, 0x79, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x67, 0x65, 0x6e, 0x2f, - 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x73, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x3b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, - 0xa2, 0xe3, 0x29, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x43, + 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x6b, 0x92, 0x41, 0x2d, 0x12, 0x2b, 0x52, + 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x73, 0x20, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, + 0x6c, 0x20, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x20, 0x66, 0x72, 0x6f, 0x6d, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x2e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x35, + 0x22, 0x2a, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2f, 0x7b, 0x69, + 0x64, 0x7d, 0x3a, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x2d, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, + 0x74, 0x69, 0x61, 0x6c, 0x2d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x3a, 0x01, 0x2a, 0x62, + 0x04, 0x69, 0x74, 0x65, 0x6d, 0x42, 0x57, 0x5a, 0x4b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x62, 0x6f, + 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, + 0x67, 0x65, 0x6e, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2f, 0x61, + 0x70, 0x69, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x3b, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x73, 0xa2, 0xe3, 0x29, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/internal/host/static/repository_host_set_member.go b/internal/host/static/repository_host_set_member.go index cf8021c882..b07770ad6b 100644 --- a/internal/host/static/repository_host_set_member.go +++ b/internal/host/static/repository_host_set_member.go @@ -6,12 +6,11 @@ import ( "fmt" "strings" - wrapping "github.com/hashicorp/go-kms-wrapping/v2" - "github.com/hashicorp/boundary/internal/db" "github.com/hashicorp/boundary/internal/errors" "github.com/hashicorp/boundary/internal/kms" "github.com/hashicorp/boundary/internal/oplog" + wrapping "github.com/hashicorp/go-kms-wrapping/v2" ) // AddSetMembers adds hostIds to setId in the repository. It returns a diff --git a/internal/proto/controller/api/resources/targets/v1/target.proto b/internal/proto/controller/api/resources/targets/v1/target.proto index 96df857cd5..1cdb8c5838 100644 --- a/internal/proto/controller/api/resources/targets/v1/target.proto +++ b/internal/proto/controller/api/resources/targets/v1/target.proto @@ -159,14 +159,27 @@ message Target { ]; // @gotags: `class:"public"` // Output only. The IDs of the application credential source ids associated with this Target. - repeated string application_credential_source_ids = 400 [json_name = "application_credential_source_ids"]; // @gotags: `class:"public"` + // Deprecated use "brokered_credential_source_ids" instead. + repeated string application_credential_source_ids = 400 [ + json_name = "application_credential_source_ids", + deprecated = true + ]; // @gotags: `class:"public"` // Output only. The application credential sources associated with this Target. - repeated CredentialSource application_credential_sources = 410 [json_name = "application_credential_sources"]; - - // Output only. The IDs of the egress credential source ids associated with this Target. - repeated string egress_credential_source_ids = 500 [json_name = "egress_credential_source_ids"]; // @gotags: `class:"public"` - // Output only. The egress credential sources associated with this Target. - repeated CredentialSource egress_credential_sources = 510 [json_name = "egress_credential_sources"]; + // Deprecated use "brokered_credential_sources" instead. + repeated CredentialSource application_credential_sources = 410 [ + json_name = "application_credential_sources", + deprecated = true + ]; + + // Output only. The IDs of the brokered credential source ids associated with this Target. + repeated string brokered_credential_source_ids = 440 [json_name = "brokered_credential_source_ids"]; // @gotags: `class:"public"` + // Output only. The brokered credential sources associated with this Target. + repeated CredentialSource brokered_credential_sources = 450 [json_name = "brokered_credential_sources"]; + + // Output only. The IDs of the injected application credential source ids associated with this Target. + repeated string injected_application_credential_source_ids = 520 [json_name = "injected_application_credential_source_ids"]; // @gotags: `class:"public"` + // Output only. The injected application credential sources associated with this Target. + repeated CredentialSource injected_application_credential_sources = 530 [json_name = "injected_application_credential_sources"]; oneof attrs { // The attributes that are applicable for the specific Target. @@ -187,6 +200,8 @@ message Target { // Deprecated fields reserved "application_credential_library_ids", "application_credential_libraries"; reserved 150, 180; + reserved "egress_credential_source_ids", "egress_credential_sources"; + reserved 500, 510; } // TcpTargetAttributes contains attributes relevant to Targets of type "tcp" diff --git a/internal/proto/controller/api/services/v1/target_service.proto b/internal/proto/controller/api/services/v1/target_service.proto index e255325ff4..0d3f3e6344 100644 --- a/internal/proto/controller/api/services/v1/target_service.proto +++ b/internal/proto/controller/api/services/v1/target_service.proto @@ -378,8 +378,24 @@ message AddTargetCredentialSourcesRequest { // Version is used to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. uint32 version = 2; // @gotags: `class:"public"` - repeated string application_credential_source_ids = 3 [json_name = "application_credential_source_ids"]; // @gotags: `class:"public"` - repeated string egress_credential_source_ids = 4 [json_name = "egress_credential_source_ids"]; // @gotags: `class:"public"` + + // Deprecated use brokered_credential_source_ids instead + repeated string application_credential_source_ids = 3 [ + json_name = "application_credential_source_ids", + deprecated = true + ]; // @gotags: `class:"public"` + + // Brokered credentials are returned to the user during session authorization. + repeated string brokered_credential_source_ids = 10 [json_name = "brokered_credential_source_ids"]; // @gotags: `class:"public"` + + // Injected application credentials are used by a Boundary worker to secure the + // connection between the worker and the endpoint. Injected application credentials are + // never returned to the user. + repeated string injected_application_credential_source_ids = 20 [json_name = "injected_application_credential_source_ids"]; // @gotags: `class:"public"` + + // Deprecated fields + reserved "egress_credential_source_ids"; + reserved 4; } message AddTargetCredentialSourcesResponse { @@ -393,8 +409,24 @@ message SetTargetCredentialSourcesRequest { // Version is used to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. uint32 version = 2; // @gotags: `class:"public"` - repeated string application_credential_source_ids = 3 [json_name = "application_credential_source_ids"]; // @gotags: `class:"public"` - repeated string egress_credential_source_ids = 4 [json_name = "egress_credential_source_ids"]; // @gotags: `class:"public"` + + // Deprecated use brokered_credential_source_ids instead + repeated string application_credential_source_ids = 3 [ + json_name = "application_credential_source_ids", + deprecated = true + ]; // @gotags: `class:"public"` + + // Brokered credentials are returned to the user during session authorization. + repeated string brokered_credential_source_ids = 10 [json_name = "brokered_credential_source_ids"]; // @gotags: `class:"public"` + + // Injected application credentials are used by a Boundary worker to secure the + // connection between the worker and the endpoint. Injected application credentials are + // never returned to the user. + repeated string injected_application_credential_source_ids = 20 [json_name = "injected_application_credential_source_ids"]; // @gotags: `class:"public"` + + // Deprecated fields + reserved "egress_credential_source_ids"; + reserved 4; } message SetTargetCredentialSourcesResponse { @@ -406,8 +438,24 @@ message RemoveTargetCredentialSourcesRequest { // Version is used to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. uint32 version = 2; // @gotags: `class:"public"` - repeated string application_credential_source_ids = 3 [json_name = "application_credential_source_id"]; // @gotags: `class:"public"` - repeated string egress_credential_source_ids = 4 [json_name = "egress_credential_source_ids"]; // @gotags: `class:"public"` + + // Deprecated use brokered_credential_source_ids instead + repeated string application_credential_source_ids = 3 [ + json_name = "application_credential_source_id", + deprecated = true + ]; // @gotags: `class:"public"` + + // Brokered credentials are returned to the user during session authorization. + repeated string brokered_credential_source_ids = 10 [json_name = "brokered_credential_source_ids"]; // @gotags: `class:"public"` + + // Injected application credentials are used by a Boundary worker to secure the + // connection between the worker and the endpoint. Injected application credentials are + // never returned to the user. + repeated string injected_application_credential_source_ids = 20 [json_name = "injected_application_credential_source_ids"]; // @gotags: `class:"public"` + + // Deprecated fields + reserved "egress_credential_source_ids"; + reserved 4; } message RemoveTargetCredentialSourcesResponse { diff --git a/internal/session/repository_session_test.go b/internal/session/repository_session_test.go index c0618842d1..006ae410b9 100644 --- a/internal/session/repository_session_test.go +++ b/internal/session/repository_session_test.go @@ -1470,19 +1470,19 @@ func testSessionCredentialParams(t *testing.T, conn *db.DB, wrapper wrapping.Wra upCreds := credstatic.TestUsernamePasswordCredentials(t, conn, wrapper, "u", "p", staticStore.GetPublicId(), params.ScopeId, 2) ids := target.CredentialSources{ - ApplicationCredentialIds: []string{libIds[0].GetPublicId(), libIds[1].GetPublicId(), upCreds[0].GetPublicId(), upCreds[1].GetPublicId()}, + BrokeredCredentialIds: []string{libIds[0].GetPublicId(), libIds[1].GetPublicId(), upCreds[0].GetPublicId(), upCreds[1].GetPublicId()}, } _, _, _, err = targetRepo.AddTargetCredentialSources(ctx, tar.GetPublicId(), tar.GetVersion(), ids) require.NoError(err) dynamicCreds := []*DynamicCredential{ - NewDynamicCredential(libIds[0].GetPublicId(), cred.ApplicationPurpose), - NewDynamicCredential(libIds[1].GetPublicId(), cred.ApplicationPurpose), + NewDynamicCredential(libIds[0].GetPublicId(), cred.BrokeredPurpose), + NewDynamicCredential(libIds[1].GetPublicId(), cred.BrokeredPurpose), } params.DynamicCredentials = dynamicCreds staticCreds := []*StaticCredential{ - NewStaticCredential(upCreds[0].GetPublicId(), cred.ApplicationPurpose), - NewStaticCredential(upCreds[1].GetPublicId(), cred.ApplicationPurpose), + NewStaticCredential(upCreds[0].GetPublicId(), cred.BrokeredPurpose), + NewStaticCredential(upCreds[1].GetPublicId(), cred.BrokeredPurpose), } params.StaticCredentials = staticCreds return params diff --git a/internal/target/credential_library_test.go b/internal/target/credential_library_test.go index fb36b27f9d..84374fa0d8 100644 --- a/internal/target/credential_library_test.go +++ b/internal/target/credential_library_test.go @@ -46,7 +46,7 @@ func TestCredentialLibrary_New(t *testing.T) { CredentialLibrary: &store.CredentialLibrary{ TargetId: "targ_0000000", CredentialLibraryId: "lib_0000000", - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, }, @@ -55,7 +55,7 @@ func TestCredentialLibrary_New(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { assert, require := assert.New(t), require.New(t) - got, err := target.NewCredentialLibrary(tt.args.targetId, tt.args.libraryId, credential.ApplicationPurpose) + got, err := target.NewCredentialLibrary(tt.args.targetId, tt.args.libraryId, credential.BrokeredPurpose) if tt.wantErr != 0 { assert.Truef(errors.Match(errors.T(tt.wantErr), err), "want err: %q got: %q", tt.wantErr, err) assert.Nil(got) diff --git a/internal/target/credential_source.go b/internal/target/credential_source.go index fcad085b7e..6b2faf208e 100644 --- a/internal/target/credential_source.go +++ b/internal/target/credential_source.go @@ -29,8 +29,8 @@ type CredentialSource interface { // CredentialSources contains slices of credential publicIds // per purpose to be attached to the target. type CredentialSources struct { - ApplicationCredentialIds []string - EgressCredentialIds []string + BrokeredCredentialIds []string + InjectedApplicationCredentialIds []string } // A TargetCredentialSource represents the relationship between a target and a diff --git a/internal/target/credential_test.go b/internal/target/credential_test.go index 7915f87a9e..a7409154d4 100644 --- a/internal/target/credential_test.go +++ b/internal/target/credential_test.go @@ -46,7 +46,7 @@ func TestStaticCredential_New(t *testing.T) { StaticCredential: &store.StaticCredential{ TargetId: "targ_0000000", CredentialId: "cred_0000000", - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, }, @@ -55,7 +55,7 @@ func TestStaticCredential_New(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { assert, require := assert.New(t), require.New(t) - got, err := target.NewStaticCredential(tt.args.targetId, tt.args.credId, credential.ApplicationPurpose) + got, err := target.NewStaticCredential(tt.args.targetId, tt.args.credId, credential.BrokeredPurpose) if tt.wantErr != 0 { assert.Truef(errors.Match(errors.T(tt.wantErr), err), "want err: %q got: %q", tt.wantErr, err) assert.Nil(got) diff --git a/internal/target/options_test.go b/internal/target/options_test.go index fad53f0df6..df508c6653 100644 --- a/internal/target/options_test.go +++ b/internal/target/options_test.go @@ -114,13 +114,13 @@ func Test_GetOpts(t *testing.T) { { CredentialLibrary: &store.CredentialLibrary{ CredentialLibraryId: "alice", - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, { CredentialLibrary: &store.CredentialLibrary{ CredentialLibraryId: "bob", - CredentialPurpose: string(credential.EgressPurpose), + CredentialPurpose: string(credential.InjectedApplicationPurpose), }, }, })) @@ -129,13 +129,13 @@ func Test_GetOpts(t *testing.T) { { CredentialLibrary: &store.CredentialLibrary{ CredentialLibraryId: "alice", - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, { CredentialLibrary: &store.CredentialLibrary{ CredentialLibraryId: "bob", - CredentialPurpose: string(credential.EgressPurpose), + CredentialPurpose: string(credential.InjectedApplicationPurpose), }, }, } @@ -147,13 +147,13 @@ func Test_GetOpts(t *testing.T) { { StaticCredential: &store.StaticCredential{ CredentialId: "alice", - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, { StaticCredential: &store.StaticCredential{ CredentialId: "bob", - CredentialPurpose: string(credential.EgressPurpose), + CredentialPurpose: string(credential.InjectedApplicationPurpose), }, }, })) @@ -162,13 +162,13 @@ func Test_GetOpts(t *testing.T) { { StaticCredential: &store.StaticCredential{ CredentialId: "alice", - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, { StaticCredential: &store.StaticCredential{ CredentialId: "bob", - CredentialPurpose: string(credential.EgressPurpose), + CredentialPurpose: string(credential.InjectedApplicationPurpose), }, }, } diff --git a/internal/target/repository_credential_source.go b/internal/target/repository_credential_source.go index bcd2c65a73..17198b0d19 100644 --- a/internal/target/repository_credential_source.go +++ b/internal/target/repository_credential_source.go @@ -263,8 +263,8 @@ func (r *Repository) SetTargetCredentialSources(ctx context.Context, targetId st ) byPurpose := map[credential.Purpose][]string{ - credential.ApplicationPurpose: ids.ApplicationCredentialIds, - credential.EgressPurpose: ids.EgressCredentialIds, + credential.BrokeredPurpose: ids.BrokeredCredentialIds, + credential.InjectedApplicationPurpose: ids.InjectedApplicationCredentialIds, } for p, ids := range byPurpose { addL, delL, addS, delS, err := r.changes(ctx, targetId, ids, p) @@ -526,9 +526,7 @@ func (r *Repository) createSources(ctx context.Context, tId string, tSubtype sub const op = "target.(Repository).createSources" // Get a list of unique ids being attached to the target, to be used for looking up the source type (library or static) - ids := make([]string, 0, len(credSources.ApplicationCredentialIds)+len(credSources.EgressCredentialIds)) - ids = append(ids, credSources.ApplicationCredentialIds...) - ids = append(ids, credSources.EgressCredentialIds...) + ids := strutil.MergeSlices(credSources.BrokeredCredentialIds, credSources.InjectedApplicationCredentialIds) totalCreds := len(ids) ids = strutil.RemoveDuplicates(ids, false) if len(ids) == 0 { @@ -555,8 +553,8 @@ func (r *Repository) createSources(ctx context.Context, tId string, tSubtype sub credLibs := make([]*CredentialLibrary, 0, totalCreds) staticCred := make([]*StaticCredential, 0, totalCreds) byPurpose := map[credential.Purpose][]string{ - credential.ApplicationPurpose: credSources.ApplicationCredentialIds, - credential.EgressPurpose: credSources.EgressCredentialIds, + credential.BrokeredPurpose: credSources.BrokeredCredentialIds, + credential.InjectedApplicationPurpose: credSources.InjectedApplicationCredentialIds, } for purpose, ids := range byPurpose { for _, id := range ids { diff --git a/internal/target/repository_credential_source_test.go b/internal/target/repository_credential_source_test.go index e399ffeadb..315749e88b 100644 --- a/internal/target/repository_credential_source_test.go +++ b/internal/target/repository_credential_source_test.go @@ -68,11 +68,11 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { credLibs := vault.TestCredentialLibraries(t, conn, wrapper, storeVault.GetPublicId(), 5) var ids target.CredentialSources for _, cl := range credLibs { - ids.ApplicationCredentialIds = append(ids.ApplicationCredentialIds, cl.GetPublicId()) + ids.BrokeredCredentialIds = append(ids.BrokeredCredentialIds, cl.GetPublicId()) } creds := static.TestUsernamePasswordCredentials(t, conn, wrapper, "u", "p", storeStatic.GetPublicId(), proj.GetPublicId(), 5) for _, cred := range creds { - ids.ApplicationCredentialIds = append(ids.ApplicationCredentialIds, cred.GetPublicId()) + ids.BrokeredCredentialIds = append(ids.BrokeredCredentialIds, cred.GetPublicId()) } _, _, created, err := repo.AddTargetCredentialSources(context.Background(), tar.GetPublicId(), 1, ids) @@ -118,7 +118,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 2, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{lib1.PublicId, lib2.PublicId}, + BrokeredCredentialIds: []string{lib1.PublicId, lib2.PublicId}, }, addToOrigSources: true, }, @@ -131,7 +131,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 2, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{cred1.PublicId, cred2.PublicId}, + BrokeredCredentialIds: []string{cred1.PublicId, cred2.PublicId}, }, addToOrigSources: true, }, @@ -144,7 +144,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 2, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{cred1.PublicId, lib1.PublicId, cred2.PublicId, lib2.PublicId}, + BrokeredCredentialIds: []string{cred1.PublicId, lib1.PublicId, cred2.PublicId, lib2.PublicId}, }, addToOrigSources: true, }, @@ -157,7 +157,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 0, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{lib1.PublicId, lib2.PublicId}, + BrokeredCredentialIds: []string{lib1.PublicId, lib2.PublicId}, }, addToOrigSources: true, }, @@ -170,7 +170,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 1000, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{lib1.PublicId, lib2.PublicId}, + BrokeredCredentialIds: []string{lib1.PublicId, lib2.PublicId}, }, addToOrigSources: true, }, @@ -183,7 +183,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 2, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{lib1.PublicId, lib2.PublicId}, + BrokeredCredentialIds: []string{lib1.PublicId, lib2.PublicId}, }, addToOrigSources: false, }, @@ -196,7 +196,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 2, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{cred1.PublicId, cred2.PublicId}, + BrokeredCredentialIds: []string{cred1.PublicId, cred2.PublicId}, }, addToOrigSources: false, }, @@ -209,7 +209,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 2, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{cred1.PublicId, lib2.PublicId}, + BrokeredCredentialIds: []string{cred1.PublicId, lib2.PublicId}, }, addToOrigSources: false, }, @@ -217,12 +217,12 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { wantAffectedRows: 12, }, { - name: "egress-credential-purpose", + name: "injected-application-credential-purpose", setup: setupFn, args: args{ targetVersion: 2, ids: target.CredentialSources{ - EgressCredentialIds: []string{lib1.PublicId}, + InjectedApplicationCredentialIds: []string{lib1.PublicId}, }, addToOrigSources: true, }, @@ -243,14 +243,14 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { origCredSources, origCredIds = tt.setup(tar) if tt.args.addToOrigSources { - tt.args.ids.ApplicationCredentialIds = append(tt.args.ids.ApplicationCredentialIds, origCredIds.ApplicationCredentialIds...) - tt.args.ids.EgressCredentialIds = append(tt.args.ids.EgressCredentialIds, origCredIds.EgressCredentialIds...) + tt.args.ids.BrokeredCredentialIds = append(tt.args.ids.BrokeredCredentialIds, origCredIds.BrokeredCredentialIds...) + tt.args.ids.InjectedApplicationCredentialIds = append(tt.args.ids.InjectedApplicationCredentialIds, origCredIds.InjectedApplicationCredentialIds...) } } byPurpose := map[credential.Purpose][]string{ - credential.ApplicationPurpose: tt.args.ids.ApplicationCredentialIds, - credential.EgressPurpose: tt.args.ids.EgressCredentialIds, + credential.BrokeredPurpose: tt.args.ids.BrokeredCredentialIds, + credential.InjectedApplicationPurpose: tt.args.ids.InjectedApplicationCredentialIds, } for purpose, ids := range byPurpose { for _, id := range ids { @@ -297,7 +297,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { assert, require := assert.New(t), require.New(t) _, _, _, err := repo.SetTargetCredentialSources(context.Background(), "", 1, - target.CredentialSources{ApplicationCredentialIds: []string{lib1.PublicId}}) + target.CredentialSources{BrokeredCredentialIds: []string{lib1.PublicId}}) require.Error(err) assert.Truef(errors.Match(errors.T(errors.InvalidParameter), err), "unexpected error %s", err.Error()) @@ -306,7 +306,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { assert, require := assert.New(t), require.New(t) _, _, _, err := repo.SetTargetCredentialSources(context.Background(), "fake-target-id", 1, - target.CredentialSources{ApplicationCredentialIds: []string{lib1.PublicId}}) + target.CredentialSources{BrokeredCredentialIds: []string{lib1.PublicId}}) require.Error(err) assert.Truef(errors.Match(errors.T(errors.RecordNotFound), err), "unexpected error %s", err.Error()) diff --git a/internal/target/tcp/register.go b/internal/target/tcp/register.go index ca4d81339d..febf7aa3f0 100644 --- a/internal/target/tcp/register.go +++ b/internal/target/tcp/register.go @@ -72,18 +72,18 @@ func (h targetHooks) VetForUpdate(ctx context.Context, t target.Target, paths [] } // VetCredentialSources checks that all the provided credential sources have a CredentialPurpose -// of ApplicationPurpose. Any other CredentialPurpose will result in an error. +// of BrokeredPurpose. Any other CredentialPurpose will result in an error. func (h targetHooks) VetCredentialSources(ctx context.Context, libs []*target.CredentialLibrary, creds []*target.StaticCredential) error { const op = "tcp.VetCredentialSources" for _, c := range libs { - if c.GetCredentialPurpose() != string(credential.ApplicationPurpose) { - return errors.New(ctx, errors.InvalidParameter, op, fmt.Sprintf("tcp.Target only supports credential purpose: %q", credential.ApplicationPurpose)) + if c.GetCredentialPurpose() != string(credential.BrokeredPurpose) { + return errors.New(ctx, errors.InvalidParameter, op, fmt.Sprintf("tcp.Target only supports credential purpose: %q", credential.BrokeredPurpose)) } } for _, c := range creds { - if c.GetCredentialPurpose() != string(credential.ApplicationPurpose) { - return errors.New(ctx, errors.InvalidParameter, op, fmt.Sprintf("tcp.Target only supports credential purpose: %q", credential.ApplicationPurpose)) + if c.GetCredentialPurpose() != string(credential.BrokeredPurpose) { + return errors.New(ctx, errors.InvalidParameter, op, fmt.Sprintf("tcp.Target only supports credential purpose: %q", credential.BrokeredPurpose)) } } return nil diff --git a/internal/target/tcp/repository_credential_source_test.go b/internal/target/tcp/repository_credential_source_test.go index 0576feda64..79c76d9bc2 100644 --- a/internal/target/tcp/repository_credential_source_test.go +++ b/internal/target/tcp/repository_credential_source_test.go @@ -77,13 +77,13 @@ func TestRepository_AddTargetCredentialSources(t *testing.T) { name: "valid-single-library", args: args{ targetVersion: 1, - ids: target.CredentialSources{ApplicationCredentialIds: []string{lib1.PublicId}}, + ids: target.CredentialSources{BrokeredCredentialIds: []string{lib1.PublicId}}, }, wantCredSources: map[string]target.CredentialSource{ - lib1.PublicId + "_" + string(credential.ApplicationPurpose): &target.TargetCredentialSource{ + lib1.PublicId + "_" + string(credential.BrokeredPurpose): &target.TargetCredentialSource{ CredentialSource: &store.CredentialSource{ CredentialSourceId: lib1.PublicId, - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, }, @@ -93,13 +93,13 @@ func TestRepository_AddTargetCredentialSources(t *testing.T) { name: "valid-single-static", args: args{ targetVersion: 1, - ids: target.CredentialSources{ApplicationCredentialIds: []string{cred1.PublicId}}, + ids: target.CredentialSources{BrokeredCredentialIds: []string{cred1.PublicId}}, }, wantCredSources: map[string]target.CredentialSource{ - cred1.PublicId + "_" + string(credential.ApplicationPurpose): &target.TargetCredentialSource{ + cred1.PublicId + "_" + string(credential.BrokeredPurpose): &target.TargetCredentialSource{ CredentialSource: &store.CredentialSource{ CredentialSourceId: cred1.PublicId, - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, }, @@ -109,25 +109,25 @@ func TestRepository_AddTargetCredentialSources(t *testing.T) { name: "valid-multiple-libraries", args: args{ targetVersion: 1, - ids: target.CredentialSources{ApplicationCredentialIds: []string{lib1.PublicId, lib2.PublicId, lib3.PublicId}}, + ids: target.CredentialSources{BrokeredCredentialIds: []string{lib1.PublicId, lib2.PublicId, lib3.PublicId}}, }, wantCredSources: map[string]target.CredentialSource{ - lib1.PublicId + "_" + string(credential.ApplicationPurpose): &target.TargetCredentialSource{ + lib1.PublicId + "_" + string(credential.BrokeredPurpose): &target.TargetCredentialSource{ CredentialSource: &store.CredentialSource{ CredentialSourceId: lib1.PublicId, - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, - lib2.PublicId + "_" + string(credential.ApplicationPurpose): &target.TargetCredentialSource{ + lib2.PublicId + "_" + string(credential.BrokeredPurpose): &target.TargetCredentialSource{ CredentialSource: &store.CredentialSource{ CredentialSourceId: lib2.PublicId, - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, - lib3.PublicId + "_" + string(credential.ApplicationPurpose): &target.TargetCredentialSource{ + lib3.PublicId + "_" + string(credential.BrokeredPurpose): &target.TargetCredentialSource{ CredentialSource: &store.CredentialSource{ CredentialSourceId: lib3.PublicId, - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, }, @@ -137,25 +137,25 @@ func TestRepository_AddTargetCredentialSources(t *testing.T) { name: "valid-multiple-static", args: args{ targetVersion: 1, - ids: target.CredentialSources{ApplicationCredentialIds: []string{cred1.PublicId, cred2.PublicId, cred3.PublicId}}, + ids: target.CredentialSources{BrokeredCredentialIds: []string{cred1.PublicId, cred2.PublicId, cred3.PublicId}}, }, wantCredSources: map[string]target.CredentialSource{ - cred1.PublicId + "_" + string(credential.ApplicationPurpose): &target.TargetCredentialSource{ + cred1.PublicId + "_" + string(credential.BrokeredPurpose): &target.TargetCredentialSource{ CredentialSource: &store.CredentialSource{ CredentialSourceId: cred1.PublicId, - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, - cred2.PublicId + "_" + string(credential.ApplicationPurpose): &target.TargetCredentialSource{ + cred2.PublicId + "_" + string(credential.BrokeredPurpose): &target.TargetCredentialSource{ CredentialSource: &store.CredentialSource{ CredentialSourceId: cred2.PublicId, - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, - cred3.PublicId + "_" + string(credential.ApplicationPurpose): &target.TargetCredentialSource{ + cred3.PublicId + "_" + string(credential.BrokeredPurpose): &target.TargetCredentialSource{ CredentialSource: &store.CredentialSource{ CredentialSourceId: cred3.PublicId, - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, }, @@ -166,32 +166,32 @@ func TestRepository_AddTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 1, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{cred1.PublicId, cred2.PublicId, lib1.PublicId, lib2.PublicId}, + BrokeredCredentialIds: []string{cred1.PublicId, cred2.PublicId, lib1.PublicId, lib2.PublicId}, }, }, wantCredSources: map[string]target.CredentialSource{ - cred1.PublicId + "_" + string(credential.ApplicationPurpose): &target.TargetCredentialSource{ + cred1.PublicId + "_" + string(credential.BrokeredPurpose): &target.TargetCredentialSource{ CredentialSource: &store.CredentialSource{ CredentialSourceId: cred1.PublicId, - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, - cred2.PublicId + "_" + string(credential.ApplicationPurpose): &target.TargetCredentialSource{ + cred2.PublicId + "_" + string(credential.BrokeredPurpose): &target.TargetCredentialSource{ CredentialSource: &store.CredentialSource{ CredentialSourceId: cred2.PublicId, - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, - lib1.PublicId + "_" + string(credential.ApplicationPurpose): &target.TargetCredentialSource{ + lib1.PublicId + "_" + string(credential.BrokeredPurpose): &target.TargetCredentialSource{ CredentialSource: &store.CredentialSource{ CredentialSourceId: lib1.PublicId, - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, - lib2.PublicId + "_" + string(credential.ApplicationPurpose): &target.TargetCredentialSource{ + lib2.PublicId + "_" + string(credential.BrokeredPurpose): &target.TargetCredentialSource{ CredentialSource: &store.CredentialSource{ CredentialSourceId: lib2.PublicId, - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }, }, @@ -202,26 +202,26 @@ func TestRepository_AddTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 1, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{lib1.PublicId, cred2.PublicId, "invalid-source-id", lib3.PublicId, cred3.PublicId}, + BrokeredCredentialIds: []string{lib1.PublicId, cred2.PublicId, "invalid-source-id", lib3.PublicId, cred3.PublicId}, }, }, wantErr: true, wantErrCode: errors.NotSpecificIntegrity, }, { - name: "egress-credential-purpose-library", + name: "injected-app-credential-purpose-library", args: args{ targetVersion: 1, - ids: target.CredentialSources{EgressCredentialIds: []string{lib1.PublicId}}, + ids: target.CredentialSources{InjectedApplicationCredentialIds: []string{lib1.PublicId}}, }, wantErr: true, wantErrCode: errors.InvalidParameter, }, { - name: "egress-credential-purpose-static", + name: "injected-app-credential-purpose-static", args: args{ targetVersion: 1, - ids: target.CredentialSources{EgressCredentialIds: []string{cred1.PublicId}}, + ids: target.CredentialSources{InjectedApplicationCredentialIds: []string{cred1.PublicId}}, }, wantErr: true, wantErrCode: errors.InvalidParameter, @@ -230,7 +230,7 @@ func TestRepository_AddTargetCredentialSources(t *testing.T) { name: "bad-version", args: args{ targetVersion: 1000, - ids: target.CredentialSources{ApplicationCredentialIds: []string{lib1.PublicId}}, + ids: target.CredentialSources{BrokeredCredentialIds: []string{lib1.PublicId}}, }, wantErr: true, wantErrCode: errors.VersionMismatch, @@ -286,7 +286,7 @@ func TestRepository_AddTargetCredentialSources(t *testing.T) { projTarget := tcp.TestTarget(ctx, t, conn, staticProj.PublicId, "add-existing") ids := target.CredentialSources{ - ApplicationCredentialIds: []string{lib1.PublicId}, + BrokeredCredentialIds: []string{lib1.PublicId}, } _, _, gotCredSources, err := repo.AddTargetCredentialSources(ctx, projTarget.GetPublicId(), 1, ids) require.NoError(err) @@ -295,7 +295,7 @@ func TestRepository_AddTargetCredentialSources(t *testing.T) { // Adding lib1 again should error ids = target.CredentialSources{ - ApplicationCredentialIds: []string{lib1.PublicId}, + BrokeredCredentialIds: []string{lib1.PublicId}, } _, _, _, err = repo.AddTargetCredentialSources(ctx, projTarget.GetPublicId(), 2, ids) require.Error(err) @@ -303,7 +303,7 @@ func TestRepository_AddTargetCredentialSources(t *testing.T) { // Adding multiple with lib1 in set should error ids = target.CredentialSources{ - ApplicationCredentialIds: []string{lib3.PublicId, lib2.PublicId, lib1.PublicId}, + BrokeredCredentialIds: []string{lib3.PublicId, lib2.PublicId, lib1.PublicId}, } _, _, _, err = repo.AddTargetCredentialSources(ctx, projTarget.GetPublicId(), 2, ids) require.Error(err) @@ -319,7 +319,7 @@ func TestRepository_AddTargetCredentialSources(t *testing.T) { assert, require := assert.New(t), require.New(t) ids := target.CredentialSources{ - ApplicationCredentialIds: []string{lib1.PublicId}, + BrokeredCredentialIds: []string{lib1.PublicId}, } _, _, _, err := repo.AddTargetCredentialSources(context.Background(), "fake-target-id", 1, ids) @@ -463,11 +463,11 @@ func TestRepository_DeleteTargetCredentialSources(t *testing.T) { var ids target.CredentialSources credLibs := vault.TestCredentialLibraries(t, conn, wrapper, csv.PublicId, tt.args.createLibCnt) for _, cl := range credLibs { - ids.ApplicationCredentialIds = append(ids.ApplicationCredentialIds, cl.GetPublicId()) + ids.BrokeredCredentialIds = append(ids.BrokeredCredentialIds, cl.GetPublicId()) } creds := static.TestUsernamePasswordCredentials(t, conn, wrapper, "u", "p", css.PublicId, proj.GetPublicId(), tt.args.createStaticCnt) for _, c := range creds { - ids.ApplicationCredentialIds = append(ids.ApplicationCredentialIds, c.GetPublicId()) + ids.BrokeredCredentialIds = append(ids.BrokeredCredentialIds, c.GetPublicId()) } _, _, addedCredSources, err := repo.AddTargetCredentialSources(ctx, tar.GetPublicId(), 1, ids) @@ -476,10 +476,10 @@ func TestRepository_DeleteTargetCredentialSources(t *testing.T) { var deleteIds target.CredentialSources for i := 0; i < tt.args.deleteLibCnt; i++ { - deleteIds.ApplicationCredentialIds = append(deleteIds.ApplicationCredentialIds, credLibs[i].GetPublicId()) + deleteIds.BrokeredCredentialIds = append(deleteIds.BrokeredCredentialIds, credLibs[i].GetPublicId()) } for i := 0; i < tt.args.deleteStaticCnt; i++ { - deleteIds.ApplicationCredentialIds = append(deleteIds.ApplicationCredentialIds, creds[i].GetPublicId()) + deleteIds.BrokeredCredentialIds = append(deleteIds.BrokeredCredentialIds, creds[i].GetPublicId()) } var targetId string @@ -526,7 +526,7 @@ func TestRepository_DeleteTargetCredentialSources(t *testing.T) { projTarget := tcp.TestTarget(ctx, t, conn, proj.PublicId, "add-existing") ids := target.CredentialSources{ - ApplicationCredentialIds: []string{lib1.GetPublicId(), lib2.GetPublicId()}, + BrokeredCredentialIds: []string{lib1.GetPublicId(), lib2.GetPublicId()}, } _, _, gotCredSources, err := repo.AddTargetCredentialSources(ctx, projTarget.GetPublicId(), 1, ids) require.NoError(err) @@ -535,7 +535,7 @@ func TestRepository_DeleteTargetCredentialSources(t *testing.T) { // Deleting an unassociated source should return an error delCount, err := repo.DeleteTargetCredentialSources(ctx, projTarget.GetPublicId(), 2, target.CredentialSources{ - ApplicationCredentialIds: []string{lib3.GetPublicId()}, + BrokeredCredentialIds: []string{lib3.GetPublicId()}, }) require.Error(err) assert.True(errors.Match(errors.T(errors.MultipleRecords), err)) @@ -544,7 +544,7 @@ func TestRepository_DeleteTargetCredentialSources(t *testing.T) { // Deleting sources which includes an unassociated source should return an error delCount, err = repo.DeleteTargetCredentialSources(ctx, projTarget.GetPublicId(), 2, target.CredentialSources{ - ApplicationCredentialIds: []string{lib1.GetPublicId(), lib2.GetPublicId(), lib3.GetPublicId()}, + BrokeredCredentialIds: []string{lib1.GetPublicId(), lib2.GetPublicId(), lib3.GetPublicId()}, }) require.Error(err) assert.True(errors.Match(errors.T(errors.MultipleRecords), err)) @@ -583,11 +583,11 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { credLibs := vault.TestCredentialLibraries(t, conn, wrapper, storeVault.GetPublicId(), 5) var ids target.CredentialSources for _, cl := range credLibs { - ids.ApplicationCredentialIds = append(ids.ApplicationCredentialIds, cl.GetPublicId()) + ids.BrokeredCredentialIds = append(ids.BrokeredCredentialIds, cl.GetPublicId()) } creds := static.TestUsernamePasswordCredentials(t, conn, wrapper, "u", "p", storeStatic.GetPublicId(), proj.GetPublicId(), 5) for _, cred := range creds { - ids.ApplicationCredentialIds = append(ids.ApplicationCredentialIds, cred.GetPublicId()) + ids.BrokeredCredentialIds = append(ids.BrokeredCredentialIds, cred.GetPublicId()) } _, _, created, err := repo.AddTargetCredentialSources(context.Background(), tar.GetPublicId(), 1, ids) @@ -633,7 +633,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 2, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{lib1.PublicId, lib2.PublicId}, + BrokeredCredentialIds: []string{lib1.PublicId, lib2.PublicId}, }, addToOrigSources: true, }, @@ -646,7 +646,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 2, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{cred1.PublicId, cred2.PublicId}, + BrokeredCredentialIds: []string{cred1.PublicId, cred2.PublicId}, }, addToOrigSources: true, }, @@ -659,7 +659,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 2, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{cred1.PublicId, lib1.PublicId, cred2.PublicId, lib2.PublicId}, + BrokeredCredentialIds: []string{cred1.PublicId, lib1.PublicId, cred2.PublicId, lib2.PublicId}, }, addToOrigSources: true, }, @@ -672,7 +672,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 0, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{lib1.PublicId, lib2.PublicId}, + BrokeredCredentialIds: []string{lib1.PublicId, lib2.PublicId}, }, addToOrigSources: true, }, @@ -685,7 +685,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 1000, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{lib1.PublicId, lib2.PublicId}, + BrokeredCredentialIds: []string{lib1.PublicId, lib2.PublicId}, }, addToOrigSources: true, }, @@ -698,7 +698,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 2, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{lib1.PublicId, lib2.PublicId}, + BrokeredCredentialIds: []string{lib1.PublicId, lib2.PublicId}, }, addToOrigSources: false, }, @@ -711,7 +711,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 2, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{cred1.PublicId, cred2.PublicId}, + BrokeredCredentialIds: []string{cred1.PublicId, cred2.PublicId}, }, addToOrigSources: false, }, @@ -724,7 +724,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { args: args{ targetVersion: 2, ids: target.CredentialSources{ - ApplicationCredentialIds: []string{cred1.PublicId, lib2.PublicId}, + BrokeredCredentialIds: []string{cred1.PublicId, lib2.PublicId}, }, addToOrigSources: false, }, @@ -746,14 +746,14 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { origCredSources, origCredIds = tt.setup(tar) if tt.args.addToOrigSources { - tt.args.ids.ApplicationCredentialIds = append(tt.args.ids.ApplicationCredentialIds, origCredIds.ApplicationCredentialIds...) - tt.args.ids.EgressCredentialIds = append(tt.args.ids.EgressCredentialIds, origCredIds.EgressCredentialIds...) + tt.args.ids.BrokeredCredentialIds = append(tt.args.ids.BrokeredCredentialIds, origCredIds.BrokeredCredentialIds...) + tt.args.ids.InjectedApplicationCredentialIds = append(tt.args.ids.InjectedApplicationCredentialIds, origCredIds.InjectedApplicationCredentialIds...) } } byPurpose := map[credential.Purpose][]string{ - credential.ApplicationPurpose: tt.args.ids.ApplicationCredentialIds, - credential.EgressPurpose: tt.args.ids.EgressCredentialIds, + credential.BrokeredPurpose: tt.args.ids.BrokeredCredentialIds, + credential.InjectedApplicationPurpose: tt.args.ids.InjectedApplicationCredentialIds, } for purpose, ids := range byPurpose { for _, id := range ids { @@ -800,7 +800,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { assert, require := assert.New(t), require.New(t) _, _, _, err := repo.SetTargetCredentialSources(context.Background(), "", 1, - target.CredentialSources{ApplicationCredentialIds: []string{lib1.PublicId}}) + target.CredentialSources{BrokeredCredentialIds: []string{lib1.PublicId}}) require.Error(err) assert.Truef(errors.Match(errors.T(errors.InvalidParameter), err), "unexpected error %s", err.Error()) @@ -809,7 +809,7 @@ func TestRepository_SetTargetCredentialSources(t *testing.T) { assert, require := assert.New(t), require.New(t) _, _, _, err := repo.SetTargetCredentialSources(context.Background(), "fake-target-id", 1, - target.CredentialSources{ApplicationCredentialIds: []string{lib1.PublicId}}) + target.CredentialSources{BrokeredCredentialIds: []string{lib1.PublicId}}) require.Error(err) assert.Truef(errors.Match(errors.T(errors.RecordNotFound), err), "unexpected error %s", err.Error()) diff --git a/internal/target/tcp/repository_tcp_target_test.go b/internal/target/tcp/repository_tcp_target_test.go index eaa690d483..3b6a0e8fda 100644 --- a/internal/target/tcp/repository_tcp_target_test.go +++ b/internal/target/tcp/repository_tcp_target_test.go @@ -33,25 +33,10 @@ func TestRepository_CreateTarget(t *testing.T) { _, proj := iam.TestScopes(t, iam.TestRepo(t, conn, wrapper)) cats := static.TestCatalogs(t, conn, proj.PublicId, 1) - hsets := static.TestSets(t, conn, cats[0].GetPublicId(), 2) - var sets []string - for _, s := range hsets { - sets = append(sets, s.PublicId) - } + static.TestSets(t, conn, cats[0].GetPublicId(), 2) cs := vault.TestCredentialStores(t, conn, wrapper, proj.GetPublicId(), 1)[0] - credSources := vault.TestCredentialLibraries(t, conn, wrapper, cs.GetPublicId(), 2) - var credLibraries []*target.CredentialLibrary - var credLibIds []string - for _, cl := range credSources { - credLibraries = append(credLibraries, &target.CredentialLibrary{ - CredentialLibrary: &store.CredentialLibrary{ - CredentialLibraryId: cl.PublicId, - CredentialPurpose: string(credential.ApplicationPurpose), - }, - }) - credLibIds = append(credLibIds, cl.PublicId) - } + vault.TestCredentialLibraries(t, conn, wrapper, cs.GetPublicId(), 2) ctx := context.Background() @@ -60,12 +45,10 @@ func TestRepository_CreateTarget(t *testing.T) { opt []target.Option } tests := []struct { - name string - args args - wantHostSources []string - wantCredLibs []string - wantErr bool - wantIsError errors.Code + name string + args args + wantErr bool + wantIsError errors.Code }{ { name: "valid-org", @@ -79,9 +62,7 @@ func TestRepository_CreateTarget(t *testing.T) { return target }(), }, - wantErr: false, - wantCredLibs: []string{}, - wantHostSources: []string{}, + wantErr: false, }, { name: "nil-target", @@ -155,17 +136,6 @@ func TestRepository_CreateTarget(t *testing.T) { } require.NoError(err) assert.NotNil(tar.GetPublicId()) - hsIds := make([]string, 0, len(hostSources)) - for _, s := range hostSources { - hsIds = append(hsIds, s.Id()) - } - assert.Equal(tt.wantHostSources, hsIds) - - clIds := make([]string, 0, len(credSources)) - for _, cl := range credSources { - clIds = append(clIds, cl.Id()) - } - assert.Equal(tt.wantCredLibs, clIds) foundTarget, foundHostSources, foundCredLibs, err := repo.LookupTarget(context.Background(), tar.GetPublicId()) assert.NoError(err) @@ -412,7 +382,7 @@ func TestRepository_UpdateTcpTarget(t *testing.T) { testCredLibs = append(testCredLibs, &target.CredentialLibrary{ CredentialLibrary: &store.CredentialLibrary{ CredentialLibraryId: cl.PublicId, - CredentialPurpose: string(credential.ApplicationPurpose), + CredentialPurpose: string(credential.BrokeredPurpose), }, }) testClIds = append(testClIds, cl.PublicId) diff --git a/internal/target/testing.go b/internal/target/testing.go index b7776733da..ef5b363215 100644 --- a/internal/target/testing.go +++ b/internal/target/testing.go @@ -37,12 +37,12 @@ func TestNewStaticCredential(targetId, credentialId string, purpose credential.P } // TestCredentialLibrary creates a CredentialLibrary for targetId and -// libraryId with the credential purpose of application. +// libraryId with the credential purpose of brokered. func TestCredentialLibrary(t testing.TB, conn *db.DB, targetId, libraryId string) *CredentialLibrary { t.Helper() require := require.New(t) rw := db.New(conn) - lib := TestNewCredentialLibrary(targetId, libraryId, credential.ApplicationPurpose) + lib := TestNewCredentialLibrary(targetId, libraryId, credential.BrokeredPurpose) err := rw.Create(context.Background(), lib) require.NoError(err) return lib diff --git a/internal/tests/api/targets/classification_test.go b/internal/tests/api/targets/classification_test.go index 3255a9e1a9..fd1ef0c6e9 100644 --- a/internal/tests/api/targets/classification_test.go +++ b/internal/tests/api/targets/classification_test.go @@ -71,11 +71,11 @@ func TestTargets(t *testing.T) { HostCatalogId: "host-catalog-id", }, }, - SessionMaxSeconds: &wrapperspb.UInt32Value{Value: 0}, - SessionConnectionLimit: &wrapperspb.Int32Value{Value: 0}, - WorkerFilter: &wrapperspb.StringValue{Value: "worker-filter"}, - ApplicationCredentialSourceIds: []string{"application-credential-source-id"}, - ApplicationCredentialSources: []*pb.CredentialSource{ + SessionMaxSeconds: &wrapperspb.UInt32Value{Value: 0}, + SessionConnectionLimit: &wrapperspb.Int32Value{Value: 0}, + WorkerFilter: &wrapperspb.StringValue{Value: "worker-filter"}, + BrokeredCredentialSourceIds: []string{"brokered-credential-source-id"}, + BrokeredCredentialSources: []*pb.CredentialSource{ { Id: "id", Name: "name", @@ -85,8 +85,8 @@ func TestTargets(t *testing.T) { CredentialType: "credential-type", }, }, - EgressCredentialSourceIds: []string{"egress-credential-source-id"}, - EgressCredentialSources: []*pb.CredentialSource{ + InjectedApplicationCredentialSourceIds: []string{"injected-app-credential-source-id"}, + InjectedApplicationCredentialSources: []*pb.CredentialSource{ { Id: "id", Name: "name", @@ -141,11 +141,11 @@ func TestTargets(t *testing.T) { HostCatalogId: "host-catalog-id", }, }, - SessionMaxSeconds: &wrapperspb.UInt32Value{Value: 0}, - SessionConnectionLimit: &wrapperspb.Int32Value{Value: 0}, - WorkerFilter: &wrapperspb.StringValue{Value: "worker-filter"}, - ApplicationCredentialSourceIds: []string{"application-credential-source-id"}, - ApplicationCredentialSources: []*pb.CredentialSource{ + SessionMaxSeconds: &wrapperspb.UInt32Value{Value: 0}, + SessionConnectionLimit: &wrapperspb.Int32Value{Value: 0}, + WorkerFilter: &wrapperspb.StringValue{Value: "worker-filter"}, + BrokeredCredentialSourceIds: []string{"brokered-credential-source-id"}, + BrokeredCredentialSources: []*pb.CredentialSource{ { Id: "id", Name: "name", @@ -155,8 +155,8 @@ func TestTargets(t *testing.T) { CredentialType: "credential-type", }, }, - EgressCredentialSourceIds: []string{"egress-credential-source-id"}, - EgressCredentialSources: []*pb.CredentialSource{ + InjectedApplicationCredentialSourceIds: []string{"injected-app-credential-source-id"}, + InjectedApplicationCredentialSources: []*pb.CredentialSource{ { Id: "id", Name: "name", diff --git a/internal/tests/api/targets/target_test.go b/internal/tests/api/targets/target_test.go index d6b4810e5e..1d77490463 100644 --- a/internal/tests/api/targets/target_test.go +++ b/internal/tests/api/targets/target_test.go @@ -107,13 +107,138 @@ func TestCredentialSourcesASD(t *testing.T) { tar, err := tarClient.Create(tc.Context(), "tcp", proj.GetPublicId(), targets.WithName("foo"), targets.WithTcpTargetDefaultPort(2)) require.NoError(err) require.NotNil(tar) + assert.Empty(tar.Item.BrokeredCredentialSourceIds) + + // Add first Vault library + tar, err = tarClient.AddCredentialSources(tc.Context(), tar.Item.Id, tar.Item.Version, + targets.WithBrokeredCredentialSourceIds([]string{lib1.Item.Id})) + require.NoError(err) + require.NotNil(tar) + assert.ElementsMatch(tar.Item.BrokeredCredentialSourceIds, []string{lib1.Item.Id}) + assert.ElementsMatch(tar.Item.BrokeredCredentialSources, []*targets.CredentialSource{ + { + Id: lib1.Item.Id, + CredentialStoreId: csVault.Item.Id, + }, + }) + assert.ElementsMatch(tar.Item.ApplicationCredentialSourceIds, []string{lib1.Item.Id}) + assert.ElementsMatch(tar.Item.ApplicationCredentialSources, []*targets.CredentialSource{ + { + Id: lib1.Item.Id, + CredentialStoreId: csVault.Item.Id, + }, + }) + + // Set second Vault library and a static credential + tar, err = tarClient.SetCredentialSources(tc.Context(), tar.Item.Id, tar.Item.Version, + targets.WithBrokeredCredentialSourceIds([]string{lib2.Item.Id, cred.Item.Id})) + require.NoError(err) + require.NotNil(tar) + assert.ElementsMatch(tar.Item.BrokeredCredentialSourceIds, []string{lib2.Item.Id, cred.Item.Id}) + assert.ElementsMatch(tar.Item.BrokeredCredentialSources, []*targets.CredentialSource{ + { + Id: lib2.Item.Id, + CredentialStoreId: csVault.Item.Id, + }, + { + Id: cred.Item.Id, + CredentialStoreId: csStatic.Item.Id, + }, + }) + assert.ElementsMatch(tar.Item.ApplicationCredentialSourceIds, []string{lib2.Item.Id, cred.Item.Id}) + assert.ElementsMatch(tar.Item.ApplicationCredentialSources, []*targets.CredentialSource{ + { + Id: lib2.Item.Id, + CredentialStoreId: csVault.Item.Id, + }, + { + Id: cred.Item.Id, + CredentialStoreId: csStatic.Item.Id, + }, + }) + // Remove second Vault library + tar, err = tarClient.RemoveCredentialSources(tc.Context(), tar.Item.Id, tar.Item.Version, + targets.WithBrokeredCredentialSourceIds([]string{lib2.Item.Id})) + require.NoError(err) + require.NotNil(tar) + assert.ElementsMatch(tar.Item.BrokeredCredentialSourceIds, []string{cred.Item.Id}) + assert.ElementsMatch(tar.Item.BrokeredCredentialSources, []*targets.CredentialSource{ + { + Id: cred.Item.Id, + CredentialStoreId: csStatic.Item.Id, + }, + }) + assert.ElementsMatch(tar.Item.ApplicationCredentialSourceIds, []string{cred.Item.Id}) + assert.ElementsMatch(tar.Item.ApplicationCredentialSources, []*targets.CredentialSource{ + { + Id: cred.Item.Id, + CredentialStoreId: csStatic.Item.Id, + }, + }) + + // Set empty credential sources + tar, err = tarClient.SetCredentialSources(tc.Context(), tar.Item.Id, tar.Item.Version, + targets.WithBrokeredCredentialSourceIds([]string{})) + require.NoError(err) + require.NotNil(tar) + assert.Empty(tar.Item.BrokeredCredentialSourceIds) assert.Empty(tar.Item.ApplicationCredentialSourceIds) +} + +func TestDeprecatedCredentialSourcesASD(t *testing.T) { + assert, require := assert.New(t), require.New(t) + tc := controller.NewTestController(t, nil) + defer tc.Shutdown() + vaultServ := vault.NewTestVaultServer(t, vault.WithTestVaultTLS(vault.TestNoTLS)) + _, vaultTok := vaultServ.CreateToken(t) + + token := tc.Token() + _, proj := iam.TestScopes(t, tc.IamRepo(), iam.WithUserId(token.UserId)) + client := tc.Client().Clone() + client.SetToken(token.Token) + + csVault, err := credentialstores.NewClient(client).Create(tc.Context(), "vault", proj.GetPublicId(), + credentialstores.WithVaultCredentialStoreAddress(vaultServ.Addr), credentialstores.WithVaultCredentialStoreToken(vaultTok)) + require.NoError(err) + require.NotNil(csVault) + + lClient := credentiallibraries.NewClient(client) + lib1, err := lClient.Create(tc.Context(), csVault.Item.Id, credentiallibraries.WithVaultCredentialLibraryPath("something1")) + require.NoError(err) + require.NotNil(lib1) + + lib2, err := lClient.Create(tc.Context(), csVault.Item.Id, credentiallibraries.WithVaultCredentialLibraryPath("something2")) + require.NoError(err) + require.NotNil(lib2) + + csStatic, err := credentialstores.NewClient(client).Create(tc.Context(), "static", proj.GetPublicId()) + require.NoError(err) + require.NotNil(csStatic) + + cClient := credentials.NewClient(client) + cOpts := []credentials.Option{credentials.WithUsernamePasswordCredentialUsername("user"), credentials.WithUsernamePasswordCredentialPassword("pass")} + cred, err := cClient.Create(tc.Context(), "username_password", csStatic.Item.Id, cOpts...) + require.NoError(err) + require.NotNil(cred) + + tarClient := targets.NewClient(client) + tar, err := tarClient.Create(tc.Context(), "tcp", proj.GetPublicId(), targets.WithName("foo"), targets.WithTcpTargetDefaultPort(2)) + require.NoError(err) + require.NotNil(tar) + assert.Empty(tar.Item.BrokeredCredentialSourceIds) // Add first Vault library tar, err = tarClient.AddCredentialSources(tc.Context(), tar.Item.Id, tar.Item.Version, targets.WithApplicationCredentialSourceIds([]string{lib1.Item.Id})) require.NoError(err) require.NotNil(tar) + assert.ElementsMatch(tar.Item.BrokeredCredentialSourceIds, []string{lib1.Item.Id}) + assert.ElementsMatch(tar.Item.BrokeredCredentialSources, []*targets.CredentialSource{ + { + Id: lib1.Item.Id, + CredentialStoreId: csVault.Item.Id, + }, + }) assert.ElementsMatch(tar.Item.ApplicationCredentialSourceIds, []string{lib1.Item.Id}) assert.ElementsMatch(tar.Item.ApplicationCredentialSources, []*targets.CredentialSource{ { @@ -127,6 +252,17 @@ func TestCredentialSourcesASD(t *testing.T) { targets.WithApplicationCredentialSourceIds([]string{lib2.Item.Id, cred.Item.Id})) require.NoError(err) require.NotNil(tar) + assert.ElementsMatch(tar.Item.BrokeredCredentialSourceIds, []string{lib2.Item.Id, cred.Item.Id}) + assert.ElementsMatch(tar.Item.BrokeredCredentialSources, []*targets.CredentialSource{ + { + Id: lib2.Item.Id, + CredentialStoreId: csVault.Item.Id, + }, + { + Id: cred.Item.Id, + CredentialStoreId: csStatic.Item.Id, + }, + }) assert.ElementsMatch(tar.Item.ApplicationCredentialSourceIds, []string{lib2.Item.Id, cred.Item.Id}) assert.ElementsMatch(tar.Item.ApplicationCredentialSources, []*targets.CredentialSource{ { @@ -138,12 +274,18 @@ func TestCredentialSourcesASD(t *testing.T) { CredentialStoreId: csStatic.Item.Id, }, }) - // Remove second Vault library tar, err = tarClient.RemoveCredentialSources(tc.Context(), tar.Item.Id, tar.Item.Version, targets.WithApplicationCredentialSourceIds([]string{lib2.Item.Id})) require.NoError(err) require.NotNil(tar) + assert.ElementsMatch(tar.Item.BrokeredCredentialSourceIds, []string{cred.Item.Id}) + assert.ElementsMatch(tar.Item.BrokeredCredentialSources, []*targets.CredentialSource{ + { + Id: cred.Item.Id, + CredentialStoreId: csStatic.Item.Id, + }, + }) assert.ElementsMatch(tar.Item.ApplicationCredentialSourceIds, []string{cred.Item.Id}) assert.ElementsMatch(tar.Item.ApplicationCredentialSources, []*targets.CredentialSource{ { @@ -157,6 +299,7 @@ func TestCredentialSourcesASD(t *testing.T) { targets.WithApplicationCredentialSourceIds([]string{})) require.NoError(err) require.NotNil(tar) + assert.Empty(tar.Item.BrokeredCredentialSourceIds) assert.Empty(tar.Item.ApplicationCredentialSourceIds) } diff --git a/internal/tests/cli/boundary/_target_credential_sources.bash b/internal/tests/cli/boundary/_target_credential_sources.bash index b2097ca759..47d98e2a6d 100644 --- a/internal/tests/cli/boundary/_target_credential_sources.bash +++ b/internal/tests/cli/boundary/_target_credential_sources.bash @@ -1,27 +1,27 @@ load _authorized_actions -function add_target_application_credential_sources() { +function add_target_brokered_credential_sources() { for i in "${@:2}" do - cred+="-application-credential-source $i " + cred+="-brokered-credential-source $i " done boundary targets add-credential-sources -id $1 $cred } -function remove_target_application_credential_sources() { +function remove_target_brokered_credential_sources() { for i in "${@:2}" do - cred+="-application-credential-source $i " + cred+="-brokered-credential-source $i " done boundary targets remove-credential-sources -id $1 $cred } -function set_target_application_credential_sources() { +function set_target_brokered_credential_sources() { for i in "${@:2}" do - cred+="-application-credential-source $i " + cred+="-brokered-credential-source $i " done boundary targets set-credential-sources -id $1 $cred diff --git a/internal/tests/cli/boundary/target_credential_sources.bats b/internal/tests/cli/boundary/target_credential_sources.bats index 4da9204e83..25ee31459b 100644 --- a/internal/tests/cli/boundary/target_credential_sources.bats +++ b/internal/tests/cli/boundary/target_credential_sources.bats @@ -34,7 +34,7 @@ export NEW_CREDENTIAL2='third-credential' @test "boundary/target: can add $NEW_CREDENTIAL credential source" { local csid=$(credential_store_id $NEW_STORE $DEFAULT_P_ID) local cid=$(credential_id $NEW_CREDENTIAL $csid) - run add_target_application_credential_sources $DEFAULT_TARGET $cid + run add_target_brokered_credential_sources $DEFAULT_TARGET $cid echo "$output" [ "$status" -eq 0 ] } @@ -50,7 +50,7 @@ export NEW_CREDENTIAL2='third-credential' @test "boundary/target: cannot add duplicate credential source" { local csid=$(credential_store_id $NEW_STORE $DEFAULT_P_ID) local cid=$(credential_id $NEW_CREDENTIAL $csid) - run add_target_application_credential_sources $DEFAULT_TARGET $cid + run add_target_brokered_credential_sources $DEFAULT_TARGET $cid echo "$output" [ "$status" -eq 1 ] } @@ -58,7 +58,7 @@ export NEW_CREDENTIAL2='third-credential' @test "boundary/target: can delete $NEW_CREDENTIAL credential source" { local csid=$(credential_store_id $NEW_STORE $DEFAULT_P_ID) local cid=$(credential_id $NEW_CREDENTIAL $csid) - run remove_target_application_credential_sources $DEFAULT_TARGET $cid + run remove_target_brokered_credential_sources $DEFAULT_TARGET $cid echo "$output" [ "$status" -eq 0 ] } @@ -87,7 +87,7 @@ export NEW_CREDENTIAL2='third-credential' local cid=$(credential_id $NEW_CREDENTIAL $csid) local cid1=$(credential_id $NEW_CREDENTIAL1 $csid) local cid2=$(credential_id $NEW_CREDENTIAL2 $csid) - run add_target_application_credential_sources $DEFAULT_TARGET $cid $cid1 $cid2 + run add_target_brokered_credential_sources $DEFAULT_TARGET $cid $cid1 $cid2 echo "$output" [ "$status" -eq 0 ] } @@ -106,7 +106,7 @@ export NEW_CREDENTIAL2='third-credential' local csid=$(credential_store_id $NEW_STORE $DEFAULT_P_ID) local cid=$(credential_id $NEW_CREDENTIAL $csid) local cid1=$(credential_id $NEW_CREDENTIAL1 $csid) - run remove_target_application_credential_sources $DEFAULT_TARGET $cid $cid1 + run remove_target_brokered_credential_sources $DEFAULT_TARGET $cid $cid1 echo "$output" [ "$status" -eq 0 ] } @@ -133,7 +133,7 @@ export NEW_CREDENTIAL2='third-credential' local cid=$(credential_id $NEW_CREDENTIAL $csid) local cid1=$(credential_id $NEW_CREDENTIAL1 $csid) local cid2=$(credential_id $NEW_CREDENTIAL2 $csid) - run set_target_application_credential_sources $DEFAULT_TARGET $cid $cid1 $cid2 + run set_target_brokered_credential_sources $DEFAULT_TARGET $cid $cid1 $cid2 echo "$output" [ "$status" -eq 0 ] } @@ -151,7 +151,7 @@ export NEW_CREDENTIAL2='third-credential' @test "boundary/target: can set just $NEW_CREDENTIAL credential source" { local csid=$(credential_store_id $NEW_STORE $DEFAULT_P_ID) local cid=$(credential_id $NEW_CREDENTIAL $csid) - run set_target_application_credential_sources $DEFAULT_TARGET $cid + run set_target_brokered_credential_sources $DEFAULT_TARGET $cid echo "$output" [ "$status" -eq 0 ] } diff --git a/sdk/pbs/controller/api/resources/targets/target.pb.go b/sdk/pbs/controller/api/resources/targets/target.pb.go index 0752aec1e2..3ba32229d1 100644 --- a/sdk/pbs/controller/api/resources/targets/target.pb.go +++ b/sdk/pbs/controller/api/resources/targets/target.pb.go @@ -400,13 +400,23 @@ type Target struct { // Optional boolean expression to filter the workers that are allowed to satisfy this request. WorkerFilter *wrapperspb.StringValue `protobuf:"bytes,140,opt,name=worker_filter,proto3" json:"worker_filter,omitempty" class:"public"` // @gotags: `class:"public"` // Output only. The IDs of the application credential source ids associated with this Target. + // Deprecated use "brokered_credential_source_ids" instead. + // + // Deprecated: Do not use. ApplicationCredentialSourceIds []string `protobuf:"bytes,400,rep,name=application_credential_source_ids,proto3" json:"application_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"` // Output only. The application credential sources associated with this Target. + // Deprecated use "brokered_credential_sources" instead. + // + // Deprecated: Do not use. ApplicationCredentialSources []*CredentialSource `protobuf:"bytes,410,rep,name=application_credential_sources,proto3" json:"application_credential_sources,omitempty"` - // Output only. The IDs of the egress credential source ids associated with this Target. - EgressCredentialSourceIds []string `protobuf:"bytes,500,rep,name=egress_credential_source_ids,proto3" json:"egress_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"` - // Output only. The egress credential sources associated with this Target. - EgressCredentialSources []*CredentialSource `protobuf:"bytes,510,rep,name=egress_credential_sources,proto3" json:"egress_credential_sources,omitempty"` + // Output only. The IDs of the brokered credential source ids associated with this Target. + BrokeredCredentialSourceIds []string `protobuf:"bytes,440,rep,name=brokered_credential_source_ids,proto3" json:"brokered_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"` + // Output only. The brokered credential sources associated with this Target. + BrokeredCredentialSources []*CredentialSource `protobuf:"bytes,450,rep,name=brokered_credential_sources,proto3" json:"brokered_credential_sources,omitempty"` + // Output only. The IDs of the injected application credential source ids associated with this Target. + InjectedApplicationCredentialSourceIds []string `protobuf:"bytes,520,rep,name=injected_application_credential_source_ids,proto3" json:"injected_application_credential_source_ids,omitempty" class:"public"` // @gotags: `class:"public"` + // Output only. The injected application credential sources associated with this Target. + InjectedApplicationCredentialSources []*CredentialSource `protobuf:"bytes,530,rep,name=injected_application_credential_sources,proto3" json:"injected_application_credential_sources,omitempty"` // Types that are assignable to Attrs: // *Target_Attributes // *Target_TcpTargetAttributes @@ -559,6 +569,7 @@ func (x *Target) GetWorkerFilter() *wrapperspb.StringValue { return nil } +// Deprecated: Do not use. func (x *Target) GetApplicationCredentialSourceIds() []string { if x != nil { return x.ApplicationCredentialSourceIds @@ -566,6 +577,7 @@ func (x *Target) GetApplicationCredentialSourceIds() []string { return nil } +// Deprecated: Do not use. func (x *Target) GetApplicationCredentialSources() []*CredentialSource { if x != nil { return x.ApplicationCredentialSources @@ -573,16 +585,30 @@ func (x *Target) GetApplicationCredentialSources() []*CredentialSource { return nil } -func (x *Target) GetEgressCredentialSourceIds() []string { +func (x *Target) GetBrokeredCredentialSourceIds() []string { if x != nil { - return x.EgressCredentialSourceIds + return x.BrokeredCredentialSourceIds } return nil } -func (x *Target) GetEgressCredentialSources() []*CredentialSource { +func (x *Target) GetBrokeredCredentialSources() []*CredentialSource { if x != nil { - return x.EgressCredentialSources + return x.BrokeredCredentialSources + } + return nil +} + +func (x *Target) GetInjectedApplicationCredentialSourceIds() []string { + if x != nil { + return x.InjectedApplicationCredentialSourceIds + } + return nil +} + +func (x *Target) GetInjectedApplicationCredentialSources() []*CredentialSource { + if x != nil { + return x.InjectedApplicationCredentialSources } return nil } @@ -1132,7 +1158,7 @@ var file_controller_api_resources_targets_v1_target_proto_rawDesc = []byte{ 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x0a, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4a, 0x04, 0x08, 0x0a, 0x10, 0x0b, 0x52, 0x12, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x6c, 0x69, - 0x62, 0x72, 0x61, 0x72, 0x79, 0x22, 0xc0, 0x0e, 0x0a, 0x06, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, + 0x62, 0x72, 0x61, 0x72, 0x79, 0x22, 0x8e, 0x11, 0x0a, 0x06, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x5f, 0x69, 0x64, 0x12, 0x43, 0x0a, 0x05, @@ -1201,138 +1227,159 @@ var file_controller_api_resources_targets_v1_target_proto_rawDesc = []byte{ 0x29, 0x01, 0xc2, 0xdd, 0x29, 0x1d, 0x0a, 0x0d, 0x77, 0x6f, 0x72, 0x6b, 0x65, 0x72, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x0c, 0x57, 0x6f, 0x72, 0x6b, 0x65, 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x0d, 0x77, 0x6f, 0x72, 0x6b, 0x65, 0x72, 0x5f, 0x66, 0x69, 0x6c, 0x74, - 0x65, 0x72, 0x12, 0x4d, 0x0a, 0x21, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x65, 0x72, 0x12, 0x51, 0x0a, 0x21, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x90, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x21, - 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, - 0x73, 0x12, 0x7e, 0x0a, 0x1e, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x73, 0x18, 0x9a, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x63, 0x6f, 0x6e, - 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, 0x76, 0x31, - 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x52, 0x1e, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, + 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x90, 0x03, 0x20, 0x03, 0x28, 0x09, 0x42, 0x02, + 0x18, 0x01, 0x52, 0x21, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, + 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x5f, 0x69, 0x64, 0x73, 0x12, 0x82, 0x01, 0x0a, 0x1e, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, + 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x9a, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x35, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, + 0x74, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, + 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x42, 0x02, 0x18, 0x01, 0x52, 0x1e, 0x61, 0x70, 0x70, 0x6c, + 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x47, 0x0a, 0x1e, 0x62, 0x72, + 0x6f, 0x6b, 0x65, 0x72, 0x65, 0x64, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, + 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x18, 0xb8, 0x03, 0x20, + 0x03, 0x28, 0x09, 0x52, 0x1e, 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x65, 0x64, 0x5f, 0x63, 0x72, + 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, + 0x69, 0x64, 0x73, 0x12, 0x78, 0x0a, 0x1b, 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x65, 0x64, 0x5f, + 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x73, 0x18, 0xc2, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x63, 0x6f, 0x6e, 0x74, + 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, 0x76, 0x31, 0x2e, + 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x52, 0x1b, 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x65, 0x64, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x5f, 0x0a, + 0x2a, 0x69, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, + 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x88, 0x04, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x2a, 0x69, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x70, 0x70, + 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, + 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x12, 0x90, + 0x01, 0x0a, 0x27, 0x69, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x70, 0x70, 0x6c, + 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x92, 0x04, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x35, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, + 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, + 0x67, 0x65, 0x74, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x27, 0x69, 0x6e, 0x6a, 0x65, 0x63, 0x74, + 0x65, 0x64, 0x5f, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x73, 0x12, 0x43, 0x0a, 0x1c, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x63, 0x72, 0x65, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, - 0x73, 0x18, 0xf4, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x1c, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, - 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x12, 0x74, 0x0a, 0x19, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, - 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x73, 0x18, 0xfe, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x63, 0x6f, 0x6e, - 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, 0x76, 0x31, - 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x52, 0x19, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x4b, 0x0a, 0x0a, - 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0xc8, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x42, 0x0f, 0xa0, 0xda, 0x29, 0x01, - 0x9a, 0xe3, 0x29, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x48, 0x00, 0x52, 0x0a, 0x61, - 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x8c, 0x01, 0x0a, 0x15, 0x74, 0x63, - 0x70, 0x5f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, - 0x74, 0x65, 0x73, 0x18, 0xc9, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x12, 0x4b, 0x0a, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, + 0xc8, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x42, + 0x0f, 0xa0, 0xda, 0x29, 0x01, 0x9a, 0xe3, 0x29, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, + 0x48, 0x00, 0x52, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x8c, + 0x01, 0x0a, 0x15, 0x74, 0x63, 0x70, 0x5f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x61, 0x74, + 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0xc9, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x38, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, + 0x74, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x63, 0x70, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x41, + 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, 0x1b, 0xa0, 0xda, 0x29, 0x01, 0x9a, + 0xe3, 0x29, 0x03, 0x74, 0x63, 0x70, 0xfa, 0xd2, 0xe4, 0x93, 0x02, 0x0a, 0x12, 0x08, 0x49, 0x4e, + 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x48, 0x00, 0x52, 0x13, 0x74, 0x63, 0x70, 0x54, 0x61, 0x72, + 0x67, 0x65, 0x74, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x2f, 0x0a, + 0x12, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x5f, 0x61, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x18, 0xac, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x12, 0x61, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x07, + 0x0a, 0x05, 0x61, 0x74, 0x74, 0x72, 0x73, 0x4a, 0x06, 0x08, 0x96, 0x01, 0x10, 0x97, 0x01, 0x4a, + 0x06, 0x08, 0xb4, 0x01, 0x10, 0xb5, 0x01, 0x4a, 0x06, 0x08, 0xf4, 0x03, 0x10, 0xf5, 0x03, 0x4a, + 0x06, 0x08, 0xfe, 0x03, 0x10, 0xff, 0x03, 0x52, 0x22, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, + 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x5f, 0x69, 0x64, 0x73, 0x52, 0x20, 0x61, 0x70, 0x70, + 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, + 0x69, 0x61, 0x6c, 0x5f, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x69, 0x65, 0x73, 0x52, 0x1c, 0x65, + 0x67, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, + 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x73, 0x52, 0x19, 0x65, 0x67, 0x72, + 0x65, 0x73, 0x73, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x22, 0x87, 0x01, 0x0a, 0x13, 0x54, 0x63, 0x70, 0x54, 0x61, + 0x72, 0x67, 0x65, 0x74, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x70, + 0x0a, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x0a, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, + 0x75, 0x65, 0x42, 0x2e, 0xa0, 0xda, 0x29, 0x01, 0xc2, 0xdd, 0x29, 0x26, 0x0a, 0x17, 0x61, 0x74, + 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, + 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x0b, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x50, 0x6f, + 0x72, 0x74, 0x52, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, + 0x22, 0x26, 0x0a, 0x0a, 0x57, 0x6f, 0x72, 0x6b, 0x65, 0x72, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x18, + 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x22, 0xed, 0x03, 0x0a, 0x18, 0x53, 0x65, 0x73, + 0x73, 0x69, 0x6f, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x44, 0x61, 0x74, 0x61, 0x12, 0x1e, 0x0a, 0x0a, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, + 0x5f, 0x69, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x65, 0x73, 0x73, 0x69, + 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, + 0x69, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, + 0x5f, 0x69, 0x64, 0x12, 0x43, 0x0a, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x18, 0x1e, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, + 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x73, 0x63, + 0x6f, 0x70, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x49, 0x6e, 0x66, + 0x6f, 0x52, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x12, 0x3e, 0x0a, 0x0c, 0x63, 0x72, 0x65, 0x61, + 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x28, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0c, 0x63, 0x72, 0x65, 0x61, + 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, + 0x18, 0x50, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x2a, 0x0a, 0x10, + 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, + 0x18, 0x5a, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x63, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x78, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x63, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0b, 0x70, 0x72, + 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x82, 0x01, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x12, 0x18, 0x0a, + 0x07, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x8c, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x06, 0x68, 0x6f, 0x73, 0x74, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, + 0x69, 0x6e, 0x74, 0x18, 0x8d, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x6e, 0x64, 0x70, + 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x52, 0x0a, 0x0b, 0x77, 0x6f, 0x72, 0x6b, 0x65, 0x72, 0x5f, 0x69, + 0x6e, 0x66, 0x6f, 0x18, 0x96, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, 0x76, 0x31, - 0x2e, 0x54, 0x63, 0x70, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, - 0x75, 0x74, 0x65, 0x73, 0x42, 0x1b, 0xa0, 0xda, 0x29, 0x01, 0x9a, 0xe3, 0x29, 0x03, 0x74, 0x63, - 0x70, 0xfa, 0xd2, 0xe4, 0x93, 0x02, 0x0a, 0x12, 0x08, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, - 0x4c, 0x48, 0x00, 0x52, 0x13, 0x74, 0x63, 0x70, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x41, 0x74, - 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x12, 0x61, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xac, - 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x12, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, - 0x64, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x07, 0x0a, 0x05, 0x61, 0x74, 0x74, - 0x72, 0x73, 0x4a, 0x06, 0x08, 0x96, 0x01, 0x10, 0x97, 0x01, 0x4a, 0x06, 0x08, 0xb4, 0x01, 0x10, - 0xb5, 0x01, 0x52, 0x22, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, - 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x6c, 0x69, 0x62, 0x72, 0x61, - 0x72, 0x79, 0x5f, 0x69, 0x64, 0x73, 0x52, 0x20, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x6c, - 0x69, 0x62, 0x72, 0x61, 0x72, 0x69, 0x65, 0x73, 0x22, 0x87, 0x01, 0x0a, 0x13, 0x54, 0x63, 0x70, - 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, - 0x12, 0x70, 0x0a, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, - 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x42, 0x2e, 0xa0, 0xda, 0x29, 0x01, 0xc2, 0xdd, 0x29, 0x26, 0x0a, 0x17, - 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x64, 0x65, 0x66, 0x61, 0x75, - 0x6c, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x0b, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, - 0x50, 0x6f, 0x72, 0x74, 0x52, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x70, 0x6f, - 0x72, 0x74, 0x22, 0x26, 0x0a, 0x0a, 0x57, 0x6f, 0x72, 0x6b, 0x65, 0x72, 0x49, 0x6e, 0x66, 0x6f, - 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x22, 0xed, 0x03, 0x0a, 0x18, 0x53, - 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x44, 0x61, 0x74, 0x61, 0x12, 0x1e, 0x0a, 0x0a, 0x73, 0x65, 0x73, 0x73, 0x69, - 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x65, 0x73, - 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, - 0x74, 0x5f, 0x69, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, - 0x65, 0x74, 0x5f, 0x69, 0x64, 0x12, 0x43, 0x0a, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x18, 0x1e, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, - 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, - 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x49, - 0x6e, 0x66, 0x6f, 0x52, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x12, 0x3e, 0x0a, 0x0c, 0x63, 0x72, - 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x28, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0c, 0x63, 0x72, - 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x18, 0x50, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x2a, - 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x69, 0x6d, - 0x69, 0x74, 0x18, 0x5a, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x63, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x78, 0x20, 0x01, 0x28, 0x0c, 0x52, - 0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0b, - 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x82, 0x01, 0x20, 0x01, - 0x28, 0x0c, 0x52, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x12, - 0x18, 0x0a, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x8c, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x06, 0x68, 0x6f, 0x73, 0x74, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x08, 0x65, 0x6e, 0x64, - 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x8d, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x6e, - 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x52, 0x0a, 0x0b, 0x77, 0x6f, 0x72, 0x6b, 0x65, 0x72, - 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x96, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x63, - 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, - 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x65, 0x72, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0b, 0x77, - 0x6f, 0x72, 0x6b, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x22, 0xeb, 0x03, 0x0a, 0x14, 0x53, - 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, - 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, - 0x5f, 0x69, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x69, 0x64, - 0x18, 0x14, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x69, - 0x64, 0x12, 0x43, 0x0a, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x2d, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x73, 0x63, 0x6f, 0x70, - 0x65, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, - 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x12, 0x3e, 0x0a, 0x0c, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, - 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x28, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, - 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0c, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, - 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x69, - 0x64, 0x18, 0x32, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x69, 0x64, - 0x12, 0x20, 0x0a, 0x0b, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x69, 0x64, 0x18, - 0x3c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x5f, - 0x69, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x46, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, - 0x74, 0x79, 0x70, 0x65, 0x18, 0x50, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, - 0x12, 0x30, 0x0a, 0x13, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x5a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x6f, 0x6b, - 0x65, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x64, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x58, - 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x18, 0x6e, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, - 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, - 0x6e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x52, 0x0b, 0x63, 0x72, 0x65, - 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x22, 0x54, 0x0a, 0x1a, 0x55, 0x73, 0x65, 0x72, - 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x43, 0x72, 0x65, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, - 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x42, 0x50, - 0x5a, 0x4e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x2f, - 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x62, 0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, - 0x65, 0x72, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, - 0x2f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x3b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x65, 0x72, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0b, 0x77, 0x6f, 0x72, + 0x6b, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x22, 0xeb, 0x03, 0x0a, 0x14, 0x53, 0x65, 0x73, + 0x73, 0x69, 0x6f, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, + 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, + 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x14, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x69, 0x64, 0x12, + 0x43, 0x0a, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, + 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, 0x70, 0x69, 0x2e, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, + 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x05, 0x73, + 0x63, 0x6f, 0x70, 0x65, 0x12, 0x3e, 0x0a, 0x0c, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, + 0x74, 0x69, 0x6d, 0x65, 0x18, 0x28, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0c, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, + 0x74, 0x69, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, + 0x32, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x12, 0x20, + 0x0a, 0x0b, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x3c, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0b, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x69, 0x64, + 0x12, 0x18, 0x0a, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x46, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, + 0x70, 0x65, 0x18, 0x50, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x30, + 0x0a, 0x13, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, + 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x5a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x61, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, + 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x64, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x58, 0x0a, 0x0b, + 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x18, 0x6e, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x36, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x2e, 0x61, + 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2e, 0x74, 0x61, 0x72, + 0x67, 0x65, 0x74, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x43, + 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x52, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x22, 0x54, 0x0a, 0x1a, 0x55, 0x73, 0x65, 0x72, 0x6e, 0x61, + 0x6d, 0x65, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, + 0x74, 0x69, 0x61, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, + 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x42, 0x50, 0x5a, 0x4e, + 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x61, 0x72, 0x79, 0x2f, 0x73, 0x64, + 0x6b, 0x2f, 0x70, 0x62, 0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, + 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x2f, 0x74, + 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x3b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1383,21 +1430,22 @@ var file_controller_api_resources_targets_v1_target_proto_depIdxs = []int32{ 16, // 12: controller.api.resources.targets.v1.Target.session_connection_limit:type_name -> google.protobuf.Int32Value 13, // 13: controller.api.resources.targets.v1.Target.worker_filter:type_name -> google.protobuf.StringValue 2, // 14: controller.api.resources.targets.v1.Target.application_credential_sources:type_name -> controller.api.resources.targets.v1.CredentialSource - 2, // 15: controller.api.resources.targets.v1.Target.egress_credential_sources:type_name -> controller.api.resources.targets.v1.CredentialSource - 11, // 16: controller.api.resources.targets.v1.Target.attributes:type_name -> google.protobuf.Struct - 6, // 17: controller.api.resources.targets.v1.Target.tcp_target_attributes:type_name -> controller.api.resources.targets.v1.TcpTargetAttributes - 15, // 18: controller.api.resources.targets.v1.TcpTargetAttributes.default_port:type_name -> google.protobuf.UInt32Value - 12, // 19: controller.api.resources.targets.v1.SessionAuthorizationData.scope:type_name -> controller.api.resources.scopes.v1.ScopeInfo - 14, // 20: controller.api.resources.targets.v1.SessionAuthorizationData.created_time:type_name -> google.protobuf.Timestamp - 7, // 21: controller.api.resources.targets.v1.SessionAuthorizationData.worker_info:type_name -> controller.api.resources.targets.v1.WorkerInfo - 12, // 22: controller.api.resources.targets.v1.SessionAuthorization.scope:type_name -> controller.api.resources.scopes.v1.ScopeInfo - 14, // 23: controller.api.resources.targets.v1.SessionAuthorization.created_time:type_name -> google.protobuf.Timestamp - 4, // 24: controller.api.resources.targets.v1.SessionAuthorization.credentials:type_name -> controller.api.resources.targets.v1.SessionCredential - 25, // [25:25] is the sub-list for method output_type - 25, // [25:25] is the sub-list for method input_type - 25, // [25:25] is the sub-list for extension type_name - 25, // [25:25] is the sub-list for extension extendee - 0, // [0:25] is the sub-list for field type_name + 2, // 15: controller.api.resources.targets.v1.Target.brokered_credential_sources:type_name -> controller.api.resources.targets.v1.CredentialSource + 2, // 16: controller.api.resources.targets.v1.Target.injected_application_credential_sources:type_name -> controller.api.resources.targets.v1.CredentialSource + 11, // 17: controller.api.resources.targets.v1.Target.attributes:type_name -> google.protobuf.Struct + 6, // 18: controller.api.resources.targets.v1.Target.tcp_target_attributes:type_name -> controller.api.resources.targets.v1.TcpTargetAttributes + 15, // 19: controller.api.resources.targets.v1.TcpTargetAttributes.default_port:type_name -> google.protobuf.UInt32Value + 12, // 20: controller.api.resources.targets.v1.SessionAuthorizationData.scope:type_name -> controller.api.resources.scopes.v1.ScopeInfo + 14, // 21: controller.api.resources.targets.v1.SessionAuthorizationData.created_time:type_name -> google.protobuf.Timestamp + 7, // 22: controller.api.resources.targets.v1.SessionAuthorizationData.worker_info:type_name -> controller.api.resources.targets.v1.WorkerInfo + 12, // 23: controller.api.resources.targets.v1.SessionAuthorization.scope:type_name -> controller.api.resources.scopes.v1.ScopeInfo + 14, // 24: controller.api.resources.targets.v1.SessionAuthorization.created_time:type_name -> google.protobuf.Timestamp + 4, // 25: controller.api.resources.targets.v1.SessionAuthorization.credentials:type_name -> controller.api.resources.targets.v1.SessionCredential + 26, // [26:26] is the sub-list for method output_type + 26, // [26:26] is the sub-list for method input_type + 26, // [26:26] is the sub-list for extension type_name + 26, // [26:26] is the sub-list for extension extendee + 0, // [0:26] is the sub-list for field type_name } func init() { file_controller_api_resources_targets_v1_target_proto_init() }