hashicorp · jefferai · Oct 22, 2020 · Oct 20, 2020 · Oct 20, 2020 · Oct 21, 2020
@@ -26,12 +26,25 @@ func (n SessionAuthorizationResult) GetResponseMap() map[string]interface{} {
 }
 
 func (c *Client) AuthorizeSession(ctx context.Context, targetId string, opt ...Option) (*SessionAuthorizationResult, error) {
+	opts, apiOpts := getOpts(opt...)
+
 	if targetId == "" {
-		return nil, fmt.Errorf("empty targetId value passed into AuthorizeSession request")
+		if opts.postMap["name"] == nil {
+			return nil, fmt.Errorf("empty target name provided to AuthorizeSession request")
+		}
+		scopeIdEmpty := opts.postMap["scope_id"] == nil
+		scopeNameEmpty := opts.postMap["scope_name"] == nil
+		switch {
+		case scopeIdEmpty && scopeNameEmpty:
+			return nil, fmt.Errorf("empty targetId value and no combination of target name and scope ID/name passed into AuthorizeSession request")
+		case !scopeIdEmpty && !scopeNameEmpty:
+			return nil, fmt.Errorf("both scope ID and scope name cannot be provided in AuthorizeSession request")
+		default:
+			// Name is not empty and only one of scope ID or name set
+			targetId = opts.postMap["name"].(string)
+		}
 	}
 
-	opts, apiOpts := getOpts(opt...)
-
 	if c.client == nil {
 		return nil, fmt.Errorf("nil client")
 	}

@@ -111,6 +111,18 @@ func DefaultName() Option {
 	}
 }
 
+func WithScopeId(inScopeId string) Option {
+	return func(o *options) {
+		o.postMap["scope_id"] = inScopeId
+	}
+}
+
+func WithScopeName(inScopeName string) Option {
+	return func(o *options) {
+		o.postMap["scope_name"] = inScopeName
+	}
+}
+
 func WithSessionConnectionLimit(inSessionConnectionLimit int32) Option {
 	return func(o *options) {
 		o.postMap["session_connection_limit"] = inSessionConnectionLimit

@@ -365,6 +365,18 @@ var inputStructs = []*structInfo{
 				FieldType:   "string",
 				SkipDefault: true,
 			},
+			{
+				Name:        "ScopeId",
+				ProtoName:   "scope_id",
+				FieldType:   "string",
+				SkipDefault: true,
+			},
+			{
+				Name:        "ScopeName",
+				ProtoName:   "scope_name",
+				FieldType:   "string",
+				SkipDefault: true,
+			},
 		},
 		versionEnabled:      true,
 		typeOnCreate:        true,

@@ -68,6 +68,11 @@ type VerifyResults struct {
 	Error       error
 	Scope       *scopes.ScopeInfo
 
+	// RoundTripValue can be set to allow the function performing authentication
+	// (often accompanied by lookup(s)) to return a result of that lookup to the
+	// calling function. It is opaque to this package.
+	RoundTripValue interface{}
+
 	// Used for additional verification
 	v *verifier
 }

@@ -65,6 +65,7 @@ type Command struct {
 	flagOutputCurlString bool
 
 	FlagScopeId       string
+	FlagScopeName     string
 	FlagId            string
 	FlagName          string
 	FlagDescription   string

@@ -130,10 +130,14 @@ func (c *Command) Help() string {
 			"",
 			"  This command allows fetching session authorization credentials against a target. Example:",
 			"",
-			"    Set host-set resources on a tcp-type target:",
+			"    Request an authorized session using the target ID:",
 			"",
 			`      $ boundary targets authorize-session -id ttcp_1234567890`,
 			"",
+			"    Request an authorized session using the scope ID and target name:",
+			"",
+			`      $ boundary targets authorize-session -scope-id o_1234567890 -name prod-ssh`,
+			"",
 			"",
 		})
 	default:
@@ -168,6 +172,34 @@ func (c *Command) Flags() *base.FlagSets {
 		}
 	}
 
+	if c.Func == "authorize-session" {
+		flagsMap[c.Func] = append(flagsMap[c.Func], "name", "scope-id", "scope-name")
+
+		// We put these here to change usage and change defaults (don't want
+		// them populated by default)
+		f.StringVar(&base.StringVar{
+			Name:   "name",
+			Target: &c.FlagName,
+			Usage:  "Target name, if authorizing the session via scope parameters and target name.",
+		})
+
+		f.StringVar(&base.StringVar{
+			Name:       "scope-id",
+			Target:     &c.FlagScopeId,
+			EnvVar:     "BOUNDARY_SCOPE_ID",
+			Completion: complete.PredictAnything,
+			Usage:      "Target scope ID, if authorizing the session via scope parameters and target name. Mutually exclusive with -scope-name.",
+		})
+
+		f.StringVar(&base.StringVar{
+			Name:       "scope-name",
+			Target:     &c.FlagScopeName,
+			EnvVar:     "BOUNDARY_SCOPE_NAME",
+			Completion: complete.PredictAnything,
+			Usage:      "Target scope name, if authorizing the session via scope parameters and target name. Mutually exclusive with -scope-id.",
+		})
+	}
+
 	return set
 }
 
@@ -197,13 +229,41 @@ func (c *Command) Run(args []string) int {
 		return 1
 	}
 
-	if strutil.StrListContains(flagsMap[c.Func], "id") && c.FlagId == "" {
-		c.UI.Error("ID is required but not passed in via -id")
-		return 1
+	var opts []targets.Option
+
+	if strutil.StrListContains(flagsMap[c.Func], "id") {
+		switch c.Func {
+		case "authorize-session":
+			if c.FlagId == "" &&
+				(c.FlagName == "" ||
+					(c.FlagScopeId == "" && c.FlagScopeName == "")) {
+				c.UI.Error("ID was not passed in, but no combination of name and scope ID/name was passed in either")
+				return 1
+			}
+			if c.FlagId != "" &&
+				(c.FlagName != "" || c.FlagScopeId != "" || c.FlagScopeName != "") {
+				c.UI.Error("Cannot specify a target ID and also other lookup parameters")
+				return 1
+			}
+		default:
+			if c.FlagId == "" {
+				c.UI.Error("ID is required but not passed in via -id")
+				return 1
+			}
+		}
 	}
-	if strutil.StrListContains(flagsMap[c.Func], "scope-id") && c.FlagScopeId == "" {
-		c.UI.Error("Scope ID must be passed in via -scope-id")
-		return 1
+	if strutil.StrListContains(flagsMap[c.Func], "scope-id") {
+		switch c.Func {
+		case "list":
+			if c.FlagScopeId == "" {
+				c.UI.Error("Scope ID must be passed in via -scope-id")
+				return 1
+			}
+		default:
+			if c.FlagScopeId != "" {
+				opts = append(opts, targets.WithScopeId(c.FlagScopeId))
+			}
+		}
 	}
 
 	client, err := c.Client()
@@ -212,8 +272,6 @@ func (c *Command) Run(args []string) int {
 		return 2
 	}
 
-	var opts []targets.Option
-
 	switch c.FlagName {
 	case "":
 	case "null":
@@ -222,6 +280,12 @@ func (c *Command) Run(args []string) int {
 		opts = append(opts, targets.WithName(c.FlagName))
 	}
 
+	switch c.FlagScopeName {
+	case "":
+	default:
+		opts = append(opts, targets.WithScopeName(c.FlagScopeName))
+	}
+
 	switch c.FlagDescription {
 	case "":
 	case "null":

@@ -17,25 +17,33 @@ func PopulateCommonFlags(c *base.Command, f *base.FlagSet, resourceType string,
 				EnvVar:     "BOUNDARY_SCOPE_ID",
 				Default:    "global",
 				Completion: complete.PredictAnything,
-				Usage:      `Scope in which to make the request`,
+				Usage:      `Scope in which to make the request.`,
+			})
+		case "scope-name":
+			f.StringVar(&base.StringVar{
+				Name:       "scope-name",
+				Target:     &c.FlagScopeName,
+				EnvVar:     "BOUNDARY_SCOPE_NAME",
+				Completion: complete.PredictAnything,
+				Usage:      `Scope in which to make the request, identified by name.`,
 			})
 		case "id":
 			f.StringVar(&base.StringVar{
 				Name:   "id",
 				Target: &c.FlagId,
-				Usage:  fmt.Sprintf("ID of the %s on which to operate", resourceType),
+				Usage:  fmt.Sprintf("ID of the %s on which to operate.", resourceType),
 			})
 		case "name":
 			f.StringVar(&base.StringVar{
 				Name:   "name",
 				Target: &c.FlagName,
-				Usage:  fmt.Sprintf("Name to set on the %s", resourceType),
+				Usage:  fmt.Sprintf("Name to set on the %s.", resourceType),
 			})
 		case "description":
 			f.StringVar(&base.StringVar{
 				Name:   "description",
 				Target: &c.FlagDescription,
-				Usage:  fmt.Sprintf("Description to set on the %s", resourceType),
+				Usage:  fmt.Sprintf("Description to set on the %s.", resourceType),
 			})
 		case "version":
 			f.IntVar(&base.IntVar{
@@ -48,14 +56,14 @@ func PopulateCommonFlags(c *base.Command, f *base.FlagSet, resourceType string,
 				Name:   "auth-method-id",
 				EnvVar: "BOUNDARY_AUTH_METHOD_ID",
 				Target: &c.FlagAuthMethodId,
-				Usage:  "The auth-method resource to use for the operation",
+				Usage:  "The auth-method resource to use for the operation.",
 			})
 		case "host-catalog-id":
 			f.StringVar(&base.StringVar{
 				Name:   "host-catalog-id",
 				EnvVar: "BOUNDARY_HOST_CATALOG_ID",
 				Target: &c.FlagHostCatalogId,
-				Usage:  "The host-catalog resource to use for the operation",
+				Usage:  "The host-catalog resource to use for the operation.",
 			})
 		}
 	}

@@ -1978,6 +1978,7 @@
         "parameters": [
           {
             "name": "id",
+            "description": "The ID of the target. Required unless some combination of scope_id/scope_name and name are set.",
             "in": "path",
             "required": true,
             "type": "string"
@@ -3503,7 +3504,20 @@
       "type": "object",
       "properties": {
         "id": {
-          "type": "string"
+          "type": "string",
+          "description": "The ID of the target. Required unless some combination of scope_id/scope_name and name are set."
+        },
+        "name": {
+          "type": "string",
+          "description": "The name of the target. When using this, scope_id or scope_name must be set."
+        },
+        "scope_id": {
+          "type": "string",
+          "description": "The scope ID containing the target, if specifying the target by name."
+        },
+        "scope_name": {
+          "type": "string",
+          "description": "The scope name containing the target, if specifying the target by name."
         },
         "host_id": {
           "type": "string",